Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US federal law that establishes national standards for the privacy and security of protected health information (PHI). The purpose of HIPAA is to ensure that individuals' health information is appropriately protected.

Businesses that are covered entities under HIPAA must also ensure that their third-party vendors, such as business associates and subcontractors, comply with HIPAA's requirements. Notable regulations for third-party management include:

1. Business Associate Agreements: Covered entities must have written agreements in place with their business associates that require the business associates to comply with HIPAA's requirements.

2. Due Diligence: Covered entities must conduct due diligence on their business associates to ensure that they have appropriate safeguards in place to protect PHI.

3. Subcontractor Management: Business associates must ensure that their subcontractors comply with HIPAA's requirements and must have written agreements in place with their subcontractors that require compliance.