HIPAA is a federal law that protects the privacy and security of health data. The goal is to ensure companies can: (1) control how they use health information internally and how they disclose it to third parties; (2) manage data security and risk with written policies and internal controls; and (3) respond to security incidents and potential breaches of regulated data.