Abstract: By introducing the main contents of the Health Insurance Portability and Accountability Act (HIPAA) and its evaluation process, the paper puts forward advanced experience from which China should learn: clarifying the protection scope of and security standards for patients' private information, strengthening the accountability of policies and regulations, detailing infringement acts and specific punishment measures, and pursuing a balance of values between privacy protection and the maintenance of public interest. It can thus provide a reference for formulating laws on personal health information security and privacy protection in China.