Updated: March 28, 2023

HIPAA Law (Health Insurance Portability and Accountability Act) is a federal law protecting sensitive health information or Protected Health Information (PHI).

Essentials of HIPAA Law

In today's world, data privacy is more important than ever. As technology usage has grown in healthcare, so has the need to ensure that patients' personal health information (PHI) is kept confidential. That's where HIPAA comes in. HIPAA, or the Health Insurance Portability and Accountability Act, is a federal law that sets standards for protecting the privacy and security of PHI.

The HIPAA law includes various rules to safeguard the privacy and security of PHI, including the HIPAA Privacy Rule, the HIPAA Security Rule, and the HIPAA Enforcement Rule. The Privacy Rule sets national standards for protecting the privacy of individuals' PHI, including written, oral, and electronic forms of PHI. It also establishes patients' rights regarding their health information. The Security Rule establishes national standards for protecting electronic PHI's confidentiality, integrity, and availability. The Enforcement Rule establishes procedures for investigating and enforcing HIPAA violations.

HIPAA applies to covered entities, including most healthcare providers, health plans, healthcare clearinghouses, and business associates. Covered entities must comply with HIPAA's privacy and security rules, which outline the steps to protect PHI. Penalties for HIPAA violations can be significant, ranging from fines to criminal charges.

Overall, HIPAA is an important law that helps protect patient health information's privacy and security, ensuring that sensitive information remains confidential and is only shared with authorized individuals and organizations.

HIPAA was enacted in 1996, primarily as a response to the growing use of electronic healthcare transactions. The law has several goals, including:

  • Ensuring that patients' health information is kept private and secure
  • Making it easier for patients to keep their health insurance when they change jobs or become unemployed
  • Simplifying healthcare administrative transactions

HIPAA applies to covered entities, which includes most healthcare providers, health plans, and healthcare clearinghouses. These entities must comply with HIPAA's privacy and security rules, which outline the steps they must take to protect PHI.

HIPAA Privacy Rules

The HIPAA Privacy Rule sets national standards for protecting the privacy of individuals' PHI. The rule applies to all forms of PHI, including written, oral, and electronic. It also establishes patients' rights regarding their health information.

Some of the key provisions of the HIPAA Privacy Rule include:

  • Requiring covered entities to obtain written consent from patients before using or disclosing their PHI, except in certain situations (such as for treatment, payment, or healthcare operations)
  • Giving patients the right to access and obtain a copy of their PHI
  • Allowing patients to request that their PHI be corrected if it is inaccurate
  • Requiring covered entities to implement reasonable administrative, physical, and technical safeguards to protect PHI.

Advantages of the HIPAA Law

  • Protecting Patient Privacy

    The primary advantage of HIPAA is that it protects patients' health information privacy. HIPAA sets national standards for handling sensitive health information, ensuring that individuals' personal and medical details are not disclosed to unauthorized individuals or organizations.

  • Streamlining Healthcare Transactions

    HIPAA also aims to simplify healthcare transactions by mandating standard formats for electronic healthcare transactions, making it easier and more efficient for patients to change healthcare providers and obtain health insurance.

  • Ensuring the Security of Health Information

    HIPAA not only requires that health information be kept private but also mandates that covered entities implement technical, physical, and administrative safeguards to ensure the security of health information, including electronic health records.

  • Promoting Interoperability

    HIPAA promotes the exchange of health information between healthcare providers and organizations, leading to better-coordinated patient care and improved health outcomes.

  • Enforcing Penalties for Violations

    HIPAA has penalties for non-compliance with its privacy and security rules, which can deter covered entities from mishandling health information and provide a way to hold violators accountable.

Overall, HIPAA helps ensure that sensitive health information is kept private and secure while promoting more efficient and coordinated healthcare delivery. It also provides a framework for enforcing penalties for violations, which can encourage covered entities to take their responsibilities for protecting patient information more seriously.

HIPAA Security Rules

The HIPAA Security Rule complements the Privacy Rule by establishing national standards for protecting electronic PHI's confidentiality, integrity, and availability. Covered entities that create, receive, maintain, or transmit electronic PHI must comply with the Security Rule. The Security Rule sets out three categories of security safeguards that covered entities must implement:

  • Administrative safeguards, which include policies and procedures for managing the selection, development, implementation, and maintenance of security measures
  • Physical safeguards, which involve measures such as facility access controls, workstation security, and device and media controls
  • Technical safeguards, which cover the technology and mechanisms used to protect electronic PHI, such as access controls, encryption, and audit controls

HIPAA Enforcement Rules

The HIPAA Enforcement Rule establishes procedures for investigating and enforcing HIPAA violations. The rule gives the Department of Health and Human Services (HHS) the authority to investigate complaints, conduct compliance reviews, and impose penalties for non-compliance.

Penalties for HIPAA violations can be significant. For example, violations due to willful neglect can result in fines of up to $50,000 per violation, with an annual cap of $1.5 million. In addition, HIPAA regulations still apply to telehealth, meaning healthcare providers must protect patients' PHI during telehealth visits, although some of the HIPAA requirements for telehealth have been relaxed. However, these waivers are only in effect for the public health emergency, and covered entities are still expected to comply with HIPAA to the greatest extent possible.

Key Terms

  • Business Associates: Business associates are third-party entities that perform services for covered entities and have access to PHI. Examples include medical billing companies, IT providers, and consultants.
  • Covered Entities: Covered entities are people, institutions, or companies required to comply with HIPAA rules. These comprise health plans, healthcare providers, and healthcare clearinghouses.
  • Privacy Rule: The Privacy Rule establishes national standards for safeguarding people's PHI held by covered entities and their business associates.
  • Minimum Necessary Rule: The minimum necessary rule requires covered entities to limit the use, disclosure, and request of PHI to the minimum necessary to achieve the intended purpose.


The HIPAA law is an essential federal regulation that aims to protect the privacy and security of patients' sensitive health information. It sets national standards for how healthcare providers, health plans, and healthcare clearinghouses handle PHI, including electronic health records. HIPAA has many advantages, including protecting patient privacy, ensuring the security of health information, simplifying healthcare transactions, promoting interoperability, and enforcing penalties for violations. By following HIPAA's privacy and security rules, covered entities can help maintain patients' trust and promote better healthcare outcomes.

HIPAA is a crucial area of law that has greatly contributed to protecting sensitive health information and will continue to be an important aspect of healthcare for years to come. In addition to its primary goal of protecting patient privacy and securing sensitive health information, the HIPAA law has also helped improve the efficiency and coordination of healthcare. Its standardization of electronic healthcare transactions has made it easier for patients to change providers, obtain insurance, and access their health information.
