Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal
law that required the creation of national standards to protect sensitive patient
health information from being disclosed without the patient’s consent or
knowledge.
The primary goal of HIPAA is to protect electronic protected health information
(ePHI), which includes names, dates (such as birth, admission, discharge, and death),
telephone numbers, photographs, addresses, etc. Companies subject to this regulation
need to implement technical and procedural controls to protect this
information and perform a risk analysis of the risks and vulnerabilities to the
confidentiality, integrity, and availability of ePHI.
Technical controls include such things as encryption, authentication, password
complexity, access auditing, segmentation, etc., and procedural controls include
such things as password policies, incident response plans, contingency plans, and
audit procedures.
HIPAA also requires companies to provide patients with information on their privacy
practices and to record acknowledgement that the patient received the
information.
The following types of individuals and organizations are subject to the Privacy Rule
and are considered covered entities:
Healthcare providers
Health plans
Healthcare clearinghouses
Business associates
Our Team of Experts Makes HIPAA Compliance Easy
Find out more about how we can help your organization reach HIPAA compliance
and meet the other security demands on organizations in healthcare.