HIPAA and Health Information Privacy Compliance Toolkit
Resources to help businesses, including healthcare institutions, that handle individuals' medical, health, and biometric information create, implement, and review privacy and data security compliance programs.
The widespread adoption of electronic medical records and the explosion of personal health and fitness trackers, mobile applications, and medical devices that gather health and biometric data have dramatically increased the amount of personal health information stored digitally. Federal and state laws protecting the privacy and security of this highly sensitive health and medical information include:
The Health Insurance Portability and Accountability Act of 1996 ( www.practicallaw.com/1-501-6222) (HIPAA), which, as expanded by the Health Information Technology for Economic and Clinical Health Act ( www.practicallaw.com/3-501-7466) (HITECH Act), regulates the use, disclosure, and security of protected health information ( www.practicallaw.com/8-501-6596) by HIPAA covered entities (including health plans and health care providers) and their business associates.
The Federal Trade Commission Act ( www.practicallaw.com/6-383-6476) and the FTC's Health Breach Notification Rule (16 C.F.R. §§ 318.1 - 318.9).
State data breach notification laws and other state privacy and data security laws.
Failure to comply with these privacy and data security laws can result in significant adverse consequences, including:
Government investigations and sanctions.
Diminished brand reputation and lost sales.
This Toolkit contains continuously maintained resources that provide practical guidance on complying with laws and standards that apply to the collection, use, disclosure, and protection of individuals' medical and health information.