What is HIPAA and How Does It Apply to My Company?

What is HIPAA - STW Brasil

An individual’s health information is among their most sensitive data and has been a source of debate and concern for decades. So much so that in the United States, the health sector was one of the first to be covered by regulations aimed at protecting personal data.

Approved in 1996, the Health Insurance Portability and Accountability Act (HIPAA) is now an example to be followed by companies in different countries and areas of activity.

At a time when Brazilian legal entities that process data need to comply with the LGPD, HIPAA presents itself as an important ally. Its principles and standards can be used as a guide to ensure the security of consumer and client information in your business.

Want to understand this better? Keep reading as we explain what HIPAA is and how it can help your business.

What is HIPAA?

In the 1990s, it was already common for organizations to use information technology solutions for data collection, storage, and analysis.

Given the greater control this gave companies over personal information, a broad debate soon emerged.

After all, how far does the power of companies over their clients’ and consumers’ data go? This is still a question discussed today, especially with the exponential increase in data processing capacity.

As a result, different legislations aimed at protecting personal data have been developed and applied worldwide.

HIPAA is a pioneer and direct ancestor of these newer laws. In force since 1996, it has shown over the years a great capacity to protect the health information of American citizens held by health insurance providers.

In addition to protecting sensitive data, HIPAA applies to any entity that provides or pays for healthcare services, including those with hybrid operations, such as universities that run hospitals.

Other benefits HIPAA grants to individuals:

  • Broad access to their own health information, with the possibility of suggesting corrections and obtaining printed or electronic copies.
  • The power to share their information with whomever they want, such as other doctors or clinics. The data is available online.

The U.S. law also stands out for its comprehensive and objective standards, which avoid technical detail and rest on four requirements that everyone subject to the legislation must meet:

  • Ensure the confidentiality, integrity, and availability of all information created, received, stored, or transmitted.
  • Identify and protect against threats to the security or integrity of the data.
  • Protect data against unauthorized use or disclosure by the data subject.
  • Ensure that employees and collaborators comply with good information security practices.

Thus, as we can see, although HIPAA was developed with a focus on the health sector, its standards and principles are perfectly adaptable to companies in various sectors, which makes it a global reference for personal data protection legislation.

How Can HIPAA Help My Company?

We are living through a moment of transformation in Brazil. In the last two decades, the internet has become established in the country and has turned into one of the main tools of our daily lives, both personally and professionally.

Connectivity and information technology have given Brazilian organizations an enormous capacity to process information today.

Thus, the country, which had already established the Internet Civil Framework in 2014, sanctioned the General Data Protection Law in 2016.

This measure aims to bring more transparency and security to data processing carried out by legal entities and must be complied with by any business that performs some form of data processing in its operation.

At a time when the deadline for compliance with the LGPD is about to expire, HIPAA emerges as an important tool that lets your business establish sound principles for the security of personal information, bringing it closer to compliance with national law.

Beyond complying with the legislation and avoiding a fine of 2% of revenue (up to a maximum of R$ 50 million) per infraction, we must not forget that data is one of a company’s greatest assets. Protecting information is protecting the future of your business.

It is worth clarifying, however, that complying with HIPAA does not ensure that your organization is compliant with the LGPD.

Among the advantages of applying the U.S. law in your company, the following stand out:

  • Greater security and transparency in data processing.
  • Increased brand reliability.
  • Improved customer relationships.
  • Establishment of secure protocols for data collection, storage, and analysis.


In the information age, the personal data in your database needs to be protected and treated with care. In this moment of transforming your operations, count on HIPAA as inspiration and have the LGPD as a guide.

By processing data securely, everyone wins.

Like our pages on social media and keep following our blog to learn more about the General Data Protection Law, information security, cybersecurity, and much more.

See you next time!


Copyright © 2023 – All rights reserved.