
What are the HIPAA Rules?

The Health Insurance Portability and Accountability Act (HIPAA) is composed of a number of standards or rules against which compliance can be monitored. The HIPAA Rules include the Privacy, Security, and Breach Notification Rules, as well as the Transactions and Code Set Standards, Identifier Standards, Enforcement Rule, Omnibus Final Rule, and the HITECH Act.

The HIPAA Privacy Rule sets national standards to safeguard individuals’ medical records and other protected health information (PHI), and establishes when PHI may be used and disclosed. The HIPAA Security Rule specifies safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The HIPAA Breach Notification Rule requires that, in the event of a breach of unsecured PHI, notification of the breach is communicated to affected individuals, the U.S. Department of Health & Human Services (HHS), and in some cases, the media. The HIPAA Rules apply to covered entities and business associates.

It is important that organizations that work in or with the healthcare industry, or that have access to protected health information (PHI), are aware of the HIPAA Rules and adhere to their standards. Adhering to the HIPAA Rules helps ensure that an organization is protecting the privacy and security of patients’ PHI, and is prepared to notify the required individuals and institutions in the event of a non-compliance incident.

© 2025 Drata Inc. All rights reserved.