Beth Greenwood, RN, IRB Chair Emerita, NAOEP
The Health Insurance Portability and Accountability Act (HIPAA) was originally established in 1996 (https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html, 2026). It primarily established the Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) (https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html, 2026). This means it established what information could and could not be shared (Protected Health Information, PHI), who could or could not share it (Covered Entity), and when.
“A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being. The Rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing. Given that the health care marketplace is diverse, the Rule is designed to be flexible and comprehensive to cover the variety of uses and disclosures that need to be addressed.”