Health Insurance Portability and Accountability Act (HIPAA)

  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
  • The primary goal of HIPAA is to protect electronic protected health information (ePHI), which includes name, dates such as birth, admission, discharge, and death, telephone number, photographs, address, etc. Companies under this regulation will need to implement technical and procedural controls to protect this information and perform risk analysis of risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI.
  • Technical controls include such things as encryption, authentication, password complexity, access auditing, segmentation, etc., and procedural controls include such things as password policies, incident response plans, contingency plans, and audit procedures.
  • HIPAA also requires companies to provide patients with information on their privacy practices, and they must record acknowledgement that the patient received the information.
  • The following types of individuals and organizations are subject to the Privacy Rule and considered covered entities:
    • Healthcare providers
    • Health plans
    • Healthcare clearinghouses
    • Business associates
  • Our Team of Experts Makes HIPAA Compliance Easy. Find out more about how we can help your organization reach HIPAA compliance and meet the other security demands on organizations in healthcare.