Summary of article from Holland & Hart, by Kim Stanger:
The Health Insurance Portability and Accountability Act (HIPAA) applies to healthcare providers, healthcare clearinghouses, and health plans, enforcing rigorous privacy, security, and breach notification rules. Non-compliance can lead to severe civil and criminal penalties, with a tiered penalty structure based on the severity and nature of the violation. While there isn’t an explicit private cause of action for injured individuals under HIPAA, claims can be made under negligence or common law. To ensure compliance, entities should assign HIPAA responsibility, understand use and disclosure rules, implement and maintain written policies, execute appropriate business associate agreements, and stay updated with changes in regulations.