The Health Insurance Portability and Accountability Act (HIPAA) sets U.S. rules for the privacy and security of protected health information (PHI) held by covered entities and business associates.
In clinical research, HIPAA governs when PHI can be accessed, used, or disclosed for study activities, including recruitment, data abstraction, and safety follow-up. Compliance requires appropriate authorizations or waivers, minimum necessary access, and safeguards for storage and transmission. Oversight bodies evaluate whether consent language and data workflows adequately protect confidentiality. Strong HIPAA practices reduce privacy risk while enabling compliant research use of health information.