Definition
HIPAA is the federal law that sets the privacy, security, and breach-notification standards for protected health information (PHI) in the United States. It applies to covered entities (providers, health plans, clearinghouses) and their business associates.
For ABA, HIPAA shows up most often in three places: keeping PHI out of session notes that don't need it, signing Business Associate Agreements with every vendor that touches PHI, and meeting the Security Rule's encryption, access control, and audit log requirements.