Health Insurance Portability and Accountability Act (HIPAA) introduces new standards for protecting the privacy of individuals’ identifiable health information.
HIPAA regulations apply to investigators who need to use, for research purposes, individually identifiable health information held by a covered entity or its business associates. Individually identifiable health information means the identity of the subject is or may readily be ascertained by the investigator or associated with the information. Covered entities are defined as: (1) health plans, (2) health care clearing houses, and (3) health care providers who electronically transmit any health information in connection with transactions, for which The Department of Health and Human Services (HHS) has adopted standards (generally, transactions concern billing and payments for insurance coverage). For example, hospitals, academic medical centers, physicians who electronically transmit claims transaction information to a health plan.