The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was developed by the Secretary of the U.S. Department of Health and Human Services (HHS) and is regulated by the U.S. Department of Health and Human Services' Office of Civil Rights (OCR).

HIPAA Compliance applies to any individual or entity who uses or manages health information that is held or transferred in electronic form.

The HHS developed two rules to standardize the protection and privacy of health information held and transferred in electronic form: the HIPAA Privacy Rule and the HIPAA Security Rule. These rules lay out what health information must be kept private and how to protect the security of such information.

In short, HIPAA Compliance is needed to protect and secure individuals’ health information (protected health information or PHI) and to address the specific security needs required to protect individuals' electronic health information (electronic protected health information or ePHI).

Anytime PHI or ePHI is held or transferred, privacy and security standards for HIPAA Compliance should be strictly maintained.

Anywhere PHI or ePHI is held or transferred, whether online or on paper, privacy and security standards for HIPAA Compliance should be strictly maintained.