The Health Insurance Portability and Accountability Act (HIPAA) of 1996 report
This report displays HIPAA issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
Why it matters
Note: Many of the issues in this report are similar to those in the COPPA report. If both reports are added to a dashboard, you will see an inflated number of total issues. To prevent this from happening, you can create tabs for each report, or just add one of the reports to a dashboard.
The goal of the Health Insurance Portability and Accountability Act (HIPAA) is to enable the movement of health information among health-related organizations in a protected manner. It includes various stringent privacy and security protections including limits on sharing and use of encryption. HIPAA applies to U.S. health care providers/health insurers and their business associates. If your financial institution has an employer-sponsored health care plan, this legislation also applies to you. The Administrative Simplification section of HIPAA mandates a new security policy to protect an individual's health information, while permitting the appropriate access and use of that information by health care providers, clearinghouses, and health plans.
Best practices for complying with HIPAA
- Provide a comprehensive privacy notice on websites collecting personal health information (PHI).
- Ensure that all collection of personal health information online is appropriate and secure.
- Ensure that personal health information is not being passed to third parties in contravention of sharing rules.
- Protect against any reasonably anticipated:
  - threats or hazards to the security or integrity of the information
  - unauthorized uses or disclosures of the information
- Provide technical security services to guard data integrity, confidentiality and availability.
- Establish audit control mechanisms to record and examine system activity.