For further information, see http://www.hhs.gov/ocr/hipaa/
Background and General Information
The privacy provisions of the federal law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), apply to health information created or maintained by health care providers who engage in certain electronic transactions, health plans, and health care clearinghouses. The Department of Health and Human Services (HHS) has issued the regulation, “Standards for Privacy of Individually Identifiable Health Information,” applicable to entities covered by HIPAA. The Office for Civil Rights (OCR) is the Departmental component responsible for implementing and enforcing the privacy regulation. (See the Statement of Delegation of Authority to the Office for Civil Rights, as published in the Federal Register on December 28, 2000.