HIPAA (Health Insurance Portability and Accountability Act)

The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law enacted in 1996 that establishes national standards for the protection of sensitive patient health information. HIPAA's Privacy Rule regulates the use and disclosure of Protected Health Information (PHI), while the Security Rule sets standards for safeguarding electronic PHI (ePHI) through administrative, physical, and technical safeguards.

For healthcare technology companies, HIPAA compliance is essential when handling any data that can identify a patient and relates to their health condition, treatment, or payment. This includes vital signs data, demographic information, and any other individually identifiable health information. Organizations must implement encryption, access controls, audit logging, and other security measures.

When deploying contactless vitals technology in healthcare settings, HIPAA compliance requires that all data transmission is encrypted, storage meets security standards, access is controlled and audited, and a Business Associate Agreement (BAA) is in place between the technology provider and the covered entity. Circadify maintains HIPAA compliance with end-to-end encryption and offers BAA agreements to all healthcare customers.