The Act has several purposes. One, in particular, is to protect health information.
HIPAA applies to organizations that meet certain criteria. Those organizations that qualify must follow the Act's Privacy, Security, and Breach Notification Rules.
To learn more about HIPAA and how to protect health information, visit the U. S. Department of Health & Human Services.
This template is a starting point. Departments can use this document to develop (or improve) their risk management processes. Departments should expand on, add more details to, and capture the processes that work best for them.