Is HIPAA a Federal Law?

The Health Insurance Portability and Accountability Act was enacted by Congress in 1996, making it a Federal Law. This is an important facet of HIPAA, as it ensures that patients across the United States have the same minimum rights with regard to the security and use of their Protected Health Information (PHI), as well as other facets of HIPAA.

 This also simplifies matters for HIPAA Covered Entities (organizations such as healthcare providers, health plans, and healthcare clearinghouses that must be HIPAA compliant), as the same minimum protections apply to all patients across the United States. 

However, though HIPAA is now most associated with patient privacy, there were other issues that it was originally enacted to address. Indeed, only one section of HIPAA is actually related to data privacy at all. The rest is concerned with health insurance reform, tax provisions, and the portability of health insurance plans between jobs. In particular, HIPAA was enacted to help expand access to health insurance to those with certain pre-existing conditions. 

HIPAA is enforced by a Federal Body, the Department of Health and Human Services. However, State Attorneys General also have the ability to enforce HIPAA. Where criminal activity is suspected, the Department of Justice can prosecute HIPAA violations.

There are several other pieces of legislation that cover the privacy of patient health data in particular. Some of these only apply to specific States – Texas’ Texas Medical Records Privacy Act, for example – while others are in force at a Federal level. These may affect a patient’s rights in each individual State. For example, under HIPAA, patients do not have the right to access psychiatric notes, but under Vermont State law, they do. State-level legislation is often more stringent than HIPAA, and takes precedence over it. A State Law may take precedence over HIPAA if one of the following conditions is met:

  • The State law provides greater privacy protections or privacy rights,
  • The State law relates to the reporting of public health issues, or
  • The State Law stipulates certain health plan reporting.
About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023.