Health Insurance Portability and Accountability Act (HIPAA)

As an SOC 2 Type II certified organization, Dataddo is committed to complying with The Health Insurance Portability and Accountability Act of 1996 (HIPAA).

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act, which is a United States federal law that sets standards for protecting sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.

What are key HIPAA principles?

HIPAA's key privacy principles are:

• Covered entities, such as healthcare providers, may only receive, use, and disclose protected health information (PHI) for purposes of treatment, payment, and healthcare operations.
• Covered entities must adopt reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI from unauthorized access, use, or disclosure.
• Covered entities must limit the use, disclosure, and request of PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.