The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets national standards for safeguarding protected health information (PHI) in the healthcare industry. Healthcare providers use clinical applications such as computerized physician order entry (CPOE) systems, electronic health records (EHRs), and radiology, pharmacy, and laboratory systems to record and share patient medical information and history. Similarly, health plans give members access to claims and care management data through member self-service applications. Electronic record keeping makes these processes more efficient, but it also widens the attack surface and increases the potential for unauthorized access to and disclosure of PHI. HIPAA is intended to minimize these risks.
The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) mandates periodic audits of covered entities (healthcare providers, health plans, and healthcare clearinghouses) and their business associates to determine whether they comply with the HIPAA Privacy Rule (compliance required from 2003) and Security Rule (compliance required from 2005). The Privacy Rule governs the use and disclosure of PHI in any form, while the Security Rule is specific to electronic PHI (ePHI) and requires administrative, physical, and technical safeguards. Together, HIPAA and HITECH establish a set of standards intended to protect the security and privacy of PHI and require appropriate safeguards.