HIPAA (Health Insurance Portability and Accountability Act of 1996) is federal legislation, through the US Department of Health and Human Services and the Office of Civil Rights, providing data privacy and security provisions for safeguarding medical information. The Institute’s Chief Information Security Officer works with our HIPAA covered entities/business associates to ensure compliance is maintained based on the standards in the HIPAA Security Rule. The HIPAA Security Rule covers electronic protected health information (ePHI) and protects patient data security.