HIPAA & FIPA – What You Need To Know

By Donna Henson, CPA, CFE, CISA

The Health Insurance Portability and Accountability Act (HIPAA) and the Florida Information Protection Act (FIPA) are similar in their goals. Both regulations were enacted to encourage businesses to protect personal information. The main differences are in the kind of information each regulation applies to and the approach each takes:

  • HIPAA – Personal Health Information – Proactive Approach (How to mitigate the risk of a breach)
  • FIPA – Confidential Personal Information – Reactive Approach (How to handle a breach)

As of June 11, 2015, Florida and 46 other states, as well as the District of Columbia, Guam and Puerto Rico, have enacted security breach notification regulation per the National Conference of State Legislatures (NCSL).

Florida has been touted as one of the more stringent states in its deadlines and its additional compliance and disclosure requirements, per Law360.

FIPA is not an industry-specific regulation. In fact, any business or government entity, whether based in Florida or not, that houses or maintains the personal information of at least 500 Floridians triggers reporting under Florida Statute 501.171 (FIPA) if a breach occurs.

NOTE: Healthcare professionals are required to be both HIPAA and FIPA compliant.

For a health care entity, there are some ambiguities between FIPA and HIPAA surrounding the timing of breach notifications.

Below you will find a breach quick reference guide showing the differences between HIPAA and FIPA:


The biggest question for you, as a business owner, is:
Have I protected my client’s information as best I possibly can?

If you have any questions or would like to learn more about HIPAA and FIPA, please contact the Shinn & Co team at info@shinnandcompany.com or call 941.747.0500.