The Health Insurance Portability and Accountability Act of 1996
HIPAA was established in 1996 to protect health insurance coverage for individuals who lose or change jobs, and to establish standards for electronic healthcare transactions and national identifiers for providers, health insurance plans, and employers ("Covered Entities").
While there are numerous sections to HIPAA, there are two that stand out regarding information security requirements:
- The Privacy Rule dictates how covered entities protect, share, and manage Protected Health Information (PHI).
- The Security Rule details administrative, physical, and technical safeguards for Electronic PHI (EPHI).
Covered entities must develop policies and procedures governing the protection of PHI, implement physical safeguards for PHI, and implement technical controls on the computer systems that store or process PHI.
These requirements apply to:
- Medical Offices
- Health Insurance Providers
- Any Covered Entity