HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law, enacted in 1996, that mandates the protection of sensitive patient health information. It establishes national standards for the protection of individually identifiable health information, known as Protected Health Information (PHI).

Core Components

  • Privacy Rule: Sets national standards for the protection of PHI, including patient rights to access their records.
  • Security Rule: Requires administrative, physical, and technical safeguards for electronic PHI (ePHI).
  • Breach Notification Rule: Mandates notifications in the event of a breach of unsecured PHI.
  • Enforcement Rule: Establishes penalties for violations.

Scope and Applicability

HIPAA applies to Covered Entities (health plans, healthcare clearinghouses, healthcare providers) and to their Business Associates who handle PHI. It does not generally apply to health apps or devices unless they are integrated with a covered entity’s systems and act as business associates.

Intersections with Global Privacy Frameworks

HIPAA often intersects with international privacy regulations, particularly in the context of digital health and cross-border data flows.

  • GDPR vs. HIPAA: HIPAA is sector-specific (healthcare), whereas the GDPR (General Data Protection Regulation) is comprehensive in scope. In joint projects involving US and EU entities, both regimes may apply.
  • CCPA (California Consumer Privacy Act): The CCPA may overlap with HIPAA for California residents, though HIPAA generally preempts the CCPA when handling PHI, except in specific disclosure scenarios.

Recent Developments in Digital Health Privacy

The rise of contact tracing and digital surveillance technologies during pandemics has highlighted tensions between public health monitoring and individual privacy rights under HIPAA and other frameworks.

Key References