HIPAA

The Health Insurance Portability and Accountability Act of 1996

Overview

HIPAA was established in 1996 to protect health insurance coverage for individuals who lose or change jobs, and to establish standards for electronic healthcare transactions and national identifiers for providers, health insurance plans, and employers (“Covered Entities“).

While there are numerous sections to HIPAA, there are two that stand out regarding information security requirements:

• The Privacy Rule dictates how covered entities protect, share, and manage Protected Health Information (PHI).
• The Security Rule details administrative, physical, and technical safeguards for Electronic PHI (EPHI).

Covered entities must develop policies and procedures governing the protection of PHI, implement physical safeguards to PHI, and implement technical controls to computer systems to protect PHI.

References

• U.S. Department of Health and Human Services
• Understanding Health Information Privacy
• Health Information Technology for Economic and Clinical Health Act (HITECH)

Industry

• Healthcare
  • Hospitals
  • Medical Offices
  • Health Insurance Providers
  • Any Covered Entity

How secure is your organization?

Speak with an information security expert to find out.
Consultation

All Areas of Compliance

• GLBA
• FERPA
• FISMA
• HIPAA
• HITECH / Meaningful Use
• ISO/IEC 27001/27002
• NERC CIP
• PCI DSS
• SOX