Healthcare Data GlossaryRegulatory
HIPAA: Definition and Healthcare Context
Full name: Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that established national standards for the privacy and security of individually identifiable health information and for electronic health care transactions. HIPAA's Administrative Simplification provisions mandate standard transaction formats (including NPI), require privacy protections for Protected Health Information (PHI), and establish security safeguards for electronic PHI. HHS's Office for Civil Rights enforces the HIPAA Privacy and Security Rules.
Last updated: 2026-05-31Reviewed by: Dr. Jennifer Montecillo, MD — Gullas College of Medicine, 2019. Non-practicing medical reviewer.
How it’s used
- CMS NPPES NPI Registry: the NPI itself is a HIPAA Administrative Simplification requirement — HIPAA mandated a standard provider identifier, which became the NPI.
- CMS PECOS Medicare Provider Enrollment: HIPAA-covered entities must use NPI on all standard transactions, making PECOS enrollment a prerequisite for Medicare billing.
Frequently asked questions
- What does HIPAA stand for?
- HIPAA stands for Health Insurance Portability and Accountability Act, a 1996 federal law establishing standards for health data privacy, security, and electronic transactions.
- Who must comply with HIPAA?
- Covered entities — health plans, health care clearinghouses, and health care providers that transmit health information electronically — and their business associates must comply with HIPAA.
- What does HIPAA protect?
- HIPAA's Privacy Rule protects Protected Health Information (PHI) — individually identifiable health information held by covered entities.