The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) require the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. To date, the implementation of HIPAA standards has increased the use of electronic data interchange.In addition, health plans will be required to certify their compliance. The Act provides for substantial penalties for failures to certify or comply with the new standards and operating rules.

The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.

New regulations effective September 23, 2009 require all physicians who are covered by HIPAA to notify patients if there are breaches of security involving unsecured patient information. These requirements apply in addition to any notification obligations imposed by state law. These requirements also supplement the obligations imposed by the HIPAA Privacy and Security Rules.The Health Insurance Portability and Accountability Act of 1996 (HIPAA) prompted new Federal regulations which require physicians to ensure they are protecting the privacy and security of patients' medical information and using a standard format when submitting electronic transactions, such as submitting claims to payers.