In plain terms. The Health Insurance Portability and Accountability Act of 1996 authorized the HIPAA Privacy, Security, and Breach Notification Rules. The Security Rule requires covered entities and business associates to implement administrative, physical, and technical safeguards for electronic protected health information, making HIPAA the central compliance regime for healthcare contractors.
Citation. Pub. L. 104-191 (Aug. 21, 1996); 42 U.S.C. § 1320d et seq..
45 C.F.R. Parts 160, 162, and 164 (Privacy, Security, and Breach Notification Rules)