HIPAA Overview

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law designed to:

  • Improve the portability and continuity of health insurance, making it easier for a person to move from one health plan to another.
  • Reduce administrative costs for providers and payers.
  • Protect the privacy of health information by preventing disclosure without the patient’s consent or knowledge.

Provider’s responsibilities in patient rights for HIPAA

Patients have rights under the Privacy Rule that providers are required to follow. The Provider’s Responsibilities in Patient Rights for HIPAA explains these rights in plain language. This information is available to providers, as required by 2013 Wisconsin Act 238 (Wis. Stat. §146.816(4)).

HIPAA Administrative Simplification

HIPAA includes Administrative Simplification provisions designed to make the health care system more efficient and effective. The provisions require the Department of Health and Human Services to develop national standards for the electronic exchange of health care information, often referred to as Electronic Data Interchange. These standards cover transactions, code sets, unique code identifiers, and security.

Other HIPAA provisions mandate the adoption of privacy protections for individually identifiable health information. The following rules ensure these protections:

  • Privacy Rule—National standards for covered entities to protect a person’s medical records or other identifiable health information. Covered entities are:
    • Health plans
    • Health care providers that transmit standard health transactions
    • Health care clearinghouses

Business associates of covered entities must comply with HIPAA if they perform covered transactions on behalf of, or provide services to, a covered entity.

A business associate is a person or organization that uses or discloses individually identifiable health information to perform or provide functions, activities, or services for a covered entity.

  • Security Rule—National standards for protecting the confidentiality, integrity, and availability of electronic protected health information.
  • Enforcement Rule—Standards for enforcing the Administrative Simplification Rules.

More information

Learn more about HIPAA Administrative Simplification provisions:

Last revised April 20, 2023