Two parts of a comprehensive law for the medical industry, the Health Insurance Portability and Accountability Act (HIPAA), are especially important for their security implications. A portion of the law, the Administrative Simplification provisions, was developed to encourage the industry to work with healthcare information in its electronic forms. The provisions included standards for protecting the privacy of patients and for information security.
As one of the first laws that applied to both privacy rights and information security in the United States, it has wide-reaching implications.
The security standard included four sections with mandatory standards. They are Administrative Procedures, Physical Safeguards, and Technical Security Services, each to “Guard Data Integrity, Confidentiality and Availability”, as well as a section on Technical Security Mechanisms to Guard against Unauthorized Access to Data that is Transmitted over a Communications Network. A fifth section sets standards for digital signatures, although their use is not required.