HIPAA (Health Insurance Portability and Accountability Act)
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law designed to facilitate the portability, accessibility and security of health care data. It applies to any entity that processes or stores protected health information (PHI) and requires that all entities follow specific safeguards for how patient information is stored, managed, accessed and shared. With regard to procurement, HIPAA mandates that only authorized personnel may have access to PHI and that vendors must take reasonable measures to protect PHI from unauthorized access, misuse or disclosure. Furthermore, it requires that vendors sign a Business Associate Agreement, which outlines the responsibilities of each party in protecting PHI.