Introducing our Connectors API for integration builders
Learn more >


What are the rules of HIPAA?


The Health Insurance Portability and Accountability Act (HIPAA) is composed of a number of standards or rules by which compliance can be monitored. HIPAA Rules include the Privacy, Security, and Breach Notification Rules, as well the Transactions and Code Set Standards, Identifier Standards, Enforcement Rule, Omnibus Final Rule, and the HITECH Act.


The HIPAA Privacy Rule sets national standards to safeguard individuals’ medical records and other protected health information (PHI), and establishes when PHI may be used and disclosed. The HIPAA Security Rule specifies safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The HIPAA Breach Notification Rule requires that, in the event of a breach of unsecured PHI, notification of the breach is communicated to affected individuals, the U.S. Department of Health & Human Services (HHS), and in some cases, the media. HIPAA Rules apply to covered entities and business associates.


It is important that organizations that work in or with the healthcare industry, or that have access to protected health information (PHI), are aware of the HIPAA Rules and adhere to their standards. Adhering to the HIPAA Rules will help ensure that an organization is protecting the privacy and security of patients’ PHI, and is prepared to alert required individuals and institutions in the case of an incident of non-compliance.

Vanta automates security compliance.
Please enter your first name
Please enter your last name
Please enter a valid email address
Please enter a job title
Please enter your company name
Please enter your company website
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.