The Health Insurance Portability and Accountability Act (HIPAA) is statutory legislation under US law that protects and safeguards information relating to healthcare. Any patient information or medical record is kept confidential in both physical and electronic form. Many Indian companies are well versed in and aware of the regulations, as they are working towards forming associations that comply with the HIPAA Act. These guidelines have been issued throughout the globe for the purpose of data privacy and various other benefits. Health care providers, health plans and business associates who handle Protected Health Information are meant to comply with these rules.

Since healthcare is a particularly important sector and an urgent need of the hour, medico-legal services, transcriptions and important data are outsourced to different medical centers in India. But this comes with a lot of risk, as these companies deal with sensitive data and there is a possibility of a data breach when electronic records are transmitted. The whole purpose of this legislation is to provide health insurance coverage to workers who have been displaced from their jobs for any reason, and to make the health care sector more cost-effective by reducing financial costs and creating a standard system for transmitting administrative and medical data. The main goal is to curb fraud and data theft and ensure an efficient system of healthcare.

Compliance and PHI:

Businesses and companies are required to comply with and follow the rules of HIPAA to maintain the secrecy of Protected Health Information (PHI). PHI includes the names, addresses and Social Security numbers of patients. Providers of healthcare services must safeguard this information and notify any breach in order to maintain the confidentiality of the patient's health information. Indian companies are being persuaded to adhere to the rules of HIPAA, as non-compliance can have a serious effect on, and be a setback for, the IT sector. India becoming a compliant country would also increase the flow of business from the US and other countries. Complying with the HIPAA guidelines would protect the sanctity of medical records and raise the standard of efficiency. If Indian BPOs comply with the guidelines, it would reduce the cost of health care services and minimize the administrative burden for the Indian community.

HIPAA and Data Breaches:

Any unauthorized disclosure of a patient's information would be termed a data breach. Any business associate who gains access to, or destroys, any data that is not secured would have to immediately notify the concerned authorities. These notifications must be provided within a period of 60 days, as unreasonable delays may cause future risks; the authorities in turn would inform each individual whose information has been breached. The majority of breaches are due to hardware issues or negligence of employees. Even though there are rules for notifying a breach, there isn't any consistent law for recovering from a breach or finding its cause.

HIPAA Violations and Penalties:

A HIPAA violation occurs when a business entity does not comply with the provisions or security procedures. Violations are classified as deliberate or unintentional, each with its own set of penalties. Many factors, such as the duration of the delay in notifying the breach, the nature of the data breach, and the number of people affected, are taken into account in deciding the quantum of punishment. The fine ranges from $100 up to $50,000, with a jail term of 1 to 10 years. Only in the case of an unavoidable or unknown breach will there be a waiver of the penalty. The HIPAA regulations are very stringent and therefore induce a sense of responsibility in these companies.

Need for Indian Companies to comply with HIPAA:

The importance of HIPAA compliance has increased since the HITECH Act came into effect. Non-compliance has serious implications for the country's health sector and would cause a major setback to the health industry. Since most Indian companies are providing services for the US, there could be hesitation on their clients' side to continue doing business with our country. On the brighter side, compliance would add more value to our health care industry and would increase business partnerships with other countries as well. India will also be one step ahead in the field of data protection, as medical services, transcriptions and coding are a very essential part of information technology and would prove more fruitful for the country in the future.

About Us

We speak the language of Technology & Internet. We understand how the law interacts with Technology & Internet. Cyber Crime Chambers is a boutique firm specializing in internet laws and digital forensic evidence.


B.A., B.L., (Hons) IPDP., (London)
Pgd IPR., Pgd Cyber Law., Msc., (IT)
Advocate, Madras High Court

Karthikeyan, is a renowned cyber law expert, who is also the Managing Partner of Law Office of Karthikeyan, a reputed law firm based in Chennai.
