Puts strict privacy and security rules on how PHI (Personal Health Information) is handled by health
insurers, providers and clearing house agencies (Claims). HIPAA has 3 rules: Privacy rule,
Security rule and Breach Notification rule. The rules mandate Administrative, Physical and Technical
safeguards.

Security Breach Notification Laws. NOT Federal; 48 states have individual laws. Know the
one for your state (none in Alabama and South Dakota). They normally require organizations to inform
anyone who had their PII compromised. Many have an encryption clause: lost encrypted data may not
require disclosure.