The Health Insurance Portability and Accountability Act (HIPAA) of 1996 required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule.

The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The Privacy Rule calls this information "Protected Health Information” (PHI). The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form.

After, HHS enacted a final Omnibus rule that implements a number of provisions of the HITECH Act to strengthen the privacy and security protections for health information established under HIPAA, finalizing the Breach Notification Rule.

Alibaba Cloud fully support the Business Associate Agreement (BAA) for customers that require strict compliance with the HIPAA requirements to protect the privacy and security of healthcare information. For detail information, please refer to our HIPAA whitepaper, which covers multiple Alibaba Cloud products and services compliance under HIPAA security requirements.