The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is a group of regulations that medical providers must follow to ensure that all patients' charts, accounts and records are handled properly. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.
The HIPAA Security Rule was created as a flexible extension to the protections contained in the Privacy Rule, and its guidelines provide the steps that those covered by the Rule must take to secure patients' electronic health information. It covers covered entities (CE), anyone who provides treatment, payment or operations in healthcare, and business associates (BA), anyone who has access to patient information and provides support for treatment, payment or operations.
HIPAA Privacy and Security rules:
Privacy Rule:
The Privacy Rule specifies who may access PHI. It covers any type of sharing of information, including verbal, written or electronic disclosures, and addresses the storage, access and sharing of the medical and personal information of any individual.
Covered entities are also allowed to use and disclose patient information as necessary to maintain their operations, including treatment and payment procedures. The rule also allows medical establishments to release information to public health authorities that are legally authorized to obtain the data in order to prevent or control illness, injury or disability.
Security Rule:
The Security Rule more specifically sets out national security standards to protect health data that is created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI).
It outlines the guidelines, specifications and processes for safeguarding ePHI.
The HIPAA Security Rule requires implementation of three types of safeguards:
1) Administrative, 2) Physical, and 3) Technical.
- Administrative: Assignment of security responsibility to an individual. These are the administrative actions, policies and procedures that manage the selection, development, implementation, and maintenance of the security measures that protect ePHI.
- Physical: Protection of electronic systems, equipment and data. This includes limiting facility access and control, with authorized access procedures in place.
- Technical: The technology, and the policies and procedures for its use, that protect electronic health information and control access to it. Access control includes using unique user IDs, an emergency access procedure, automatic log-off, and encryption and decryption.
"Complying with HIPAA Security involves the assessment of risk and implementation of reasonable and appropriate measures, which can be determined by looking at best practices in healthcare information security. In reality, what is most important is that physicians focus on the issues of privacy, electronic transactions, and security; take steps that others on their behalf (business associates and either in-house or outside vendors) are taking measures to comply; that they stand behind and support these measures; and that the practice holds its future focus on actually complying with the new measures."