HIPAA

U.S. law setting privacy and security rules for protected health information (PHI).

June 8, 2025

HIPAA (and its Security/Privacy Rules) governs how covered entities and business associates handle PHI. It requires safeguards, BAAs, breach notifications, and minimum necessary access.

Services touching PHI need HIPAA-aligned controls in addition to general security attestations like SOC 2 or ISO 27001. Encryption, audit logging, and strict access controls are common measures.

#A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Related terms

Keep learning with these nearby definitions.

Acquirer

Bank or payment institution that signs merchants and routes their card transactions into the card networks.

Apple Pay

Mobile wallet by Apple that tokenizes cards for contactless and in-app payments.

Card Fraud

Unauthorized card use or theft of credentials to initiate transactions.

Card Network

Payment network (e.g., Visa/Mastercard) that sets rules and routes card transactions between issuers and acquirers.

HIPAA