HIPAA is the acronym for the Health Insurance Portability and Accountability Act. HIPAA's "Privacy Rule" regulates the way certain health care groups, organizations, or businesses, called covered entities under the Rule, handle the individually identifiable health information known as "protected health information" or PHI. The definition of PHI is discussed further below.
Researchers should be aware of the Privacy Rule because it establishes the conditions under which covered entities can use or disclose PHI for many purposes, including for research. Although not all researchers will have to comply with the Privacy Rule, the manner in which the Rule protects PHI could affect certain aspects of research.