Health Insurance Portability and Accountability Act.
HIPAA establishes national standards for protecting the privacy and security of protected health information (PHI) in the United States. It applies to covered entities (health plans, providers, clearinghouses) and their business associates, requiring administrative, physical, and technical safeguards for electronic PHI.
Maximum penalty
Up to ~$2.07M per violation category per year
Source: 42 USC §1320d-5
Key requirements
Privacy Rule: limits on PHI use and disclosure
Security Rule: administrative, physical, technical safeguards for ePHI
Breach Notification Rule: notify affected individuals within 60 days
Business Associate Agreements for all PHI processors
+4 more requirements in the complete guide.
Get the full HIPAA compliance guide →Enforcement examples
Anthem Inc.
Breach affecting 78.8M individuals - largest HIPAA settlement
$16M
2018
Premera Blue Cross
Breach affecting 10.4M individuals
$6.85M
2020
Advocate Health Care
Multiple breaches involving unencrypted laptops
$5.55M
2016
How Tessera automates HIPAA compliance
Automated PHI classification and data flow mapping
Business Associate Agreement tracking and compliance monitoring
Breach detection and 60-day notification workflow
Security Rule safeguard evidence collection
Risk analysis automation and remediation tracking
HIPAA compliance checklist
Essential steps to achieve and maintain HIPAA compliance.
Conduct comprehensive risk analysis of ePHI
Implement administrative, physical, and technical safeguards
Execute Business Associate Agreements with all PHI processors
+4 more steps in the full checklist.
Get your complete HIPAA compliance checklist - free →Industries affected
Calculate your HIPAA exposure.
See exactly how HIPAA penalties apply to your revenue and industry profile.