The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. The Act consists of five Titles that govern different aspects of the health ecosystem. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, regulates the use and disclosure of protected health information (PHI) and defines the related security standards required to protect that data.
The technical safeguards defined by HIPAA aim to control access to computer systems and to protect communications containing PHI that are transmitted electronically over open networks from being intercepted by anyone other than the intended recipient. For example: systems housing PHI must be protected from intrusion; when information flows over open networks, some form of encryption must be used; the parties to a communication must be properly authenticated; PHI must be protected from unauthorized modification; and data corroboration, including the use of a checksum, double-keying, message authentication, or a digital signature, may be used to ensure data integrity.