What is the purpose of HIPAA?

Published on : 15 Sep 2021


The Health Insurance Portability and Accountability Act (HIPAA) is an important law affecting the healthcare industry in the US. Introduced in 1996, the legislation was originally established to help employees with their health insurance coverage during the period between two jobs.

It also required healthcare organizations to implement controls to secure patient data against healthcare fraud. Over the years, however, the legislation evolved and eventually focused on protecting the privacy of patient data. Today, HIPAA is best known for protecting the privacy of patient data through appropriate implementation of the security requirements outlined in the regulation. This includes implementing the HIPAA Security Rule, Privacy Rule, Breach Notification Rule, and Omnibus Rule.

The purpose of the HIPAA Rule was to limit access, restrict disclosure, protect Patient Health Information (PHI), and notify the authorities and the people affected by a data breach. This is mainly to ensure that data in both physical and electronic form is appropriately secured and controlled, and that an auditable trail of PHI activity is maintained. In short, the purpose of HIPAA is to improve the efficiency, security, and privacy of PHI data in the healthcare industry.

Narendra Sahoo

Narendra Sahoo (PCI QPA, PCI QSA, PCI SSF ASSESSOR, CISSP, CISA, CRISC, 27001 LA) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm based in the US, Singapore & India. Mr. Sahoo holds more than 25 years of experience in the IT Industry, with expertise in Information Risk Consulting, Assessment, & Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services, which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2 Compliance & Audit, PDPA, and PDPB, to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.