Health Insurance Portability and Accountability Act
A US federal law that regulates the protection of personal medical data.
The requirements of the law are divided into three sections:
The Privacy Rule
Privacy practices - a set of federal standards that give patients access to their medical records and enable them to control how their data is used and disclosed.
The Security Rule
Security procedures - defines standards for implementing basic safeguards for the protection of electronic personal medical data. It describes a set of administrative, physical, and technical measures to be taken to protect data.
The Breach Notification Rule
Data breach notification procedure - requires organizations that are subject to the Privacy and Security Rules to notify the government, citizens and, in some cases, the press about leaks of unprotected personal medical data.