Enter to open, tab to navigate, enter to select
HIPAA and Health Information Privacy Compliance Toolkit
Practical Law Toolkit w-002-2525 (Approx. 13 pages)
HIPAA and Health Information Privacy Compliance Toolkit
by Practical Law Data Privacy & Cybersecurity
| Maintained • USA (National/Federal) |
Resources to assist healthcare organizations and other US businesses that collect, process, share, or handle individuals' sensitive medical, health, or biometric information to create, implement, and manage privacy and data security compliance programs.
The widespread adoption of electronic medical records and the explosion of personal health and fitness trackers, mobile applications, and medical devices that gather health and biometric data have dramatically increased the amount of personal health information stored digitally. Regulators are increasingly focusing on health and medical data privacy, and failure to comply with these privacy and data security laws can result in significant adverse consequences, including:
- Government investigations and sanctions.
- Private lawsuits.
- Diminished brand reputation and lost sales.
Federal and state laws protecting the privacy and security of this highly sensitive health and medical information include:
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA), which, as expanded by the Health Information Technology for Economic and Clinical Health Act (HITECH Act), regulates the use, disclosure, and security of protected health information by HIPAA covered entities (including health plans and health care providers) and their business associates.
- The Federal Trade Commission Act and the FTC's Health Breach Notification Rule (16 C.F.R. §§ 318.1 to 318.9).
- State privacy, data breach, and other laws.
This Toolkit contains resources that provide practical guidance on complying with US laws and standards that apply to the collection, use, disclosure, and protection of individuals' medical and health information.