What is HIPAA?

In 1996 the federal government passed the Health Insurance Portability and Accountability Act to help protect patient information while creating a standard that all insurance companies and healthcare practitioners must follow. With computers increasingly being used for the collection and storage of medical records, the act was modified to provide standards for protecting records stored electronically.

Protected Health Information

The act detailed which information in a patient's files was to be protected. Standards were created for how that information needed to be protected (physical protection, with electronic record protection added later).

Reporting Standards

Reporting standards were created for cases where it was determined that confidential information may have been disclosed. Depending on the size of the possible disclosure (a single patient, the entire patient base, or anywhere in between), the practice needed to follow the standards or risk being fined. If the disclosure was large enough, fines were also to be handed out.

Who must comply?

The obvious answer would be the insurance companies and healthcare providers. However, it isn't that simple, as the act also covers insurance clearing houses, computer companies who work on any computer that may hold confidential information, and possibly lawyers who work not only for a healthcare provider but also represent clients in cases that involve medical records, etc. In short, if you are storing confidential health information you must comply with HIPAA.