What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act. The HHS (Health and Human Services) published a final Privacy Rule in December of 2000, which was later modified in August of 2002. This Rule sets national standards for the protection of individually identifiable health information by three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct the standard health care transactions electronically. HIPAA covers any entity that deals with PHI (personal health information), as well as their business associates (if you aren't sure whether you are covered, we highly recommend that you speak with a qualified attorney). Within HIPAA is a cybersecurity rule mandating that organizations put in place protocols to protect sensitive health information.
The HIPAA Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI (Electronic Personal Health Information).
PHI stands for Personal Health Information (e-PHI refers to the same information held in electronic records) and consists of any information that can be used to identify an individual or their medical treatment. Some examples of PHI include:
- Admissions Records
- Prescription Records
- Insurance Records
- Medical Appointment Information
- Medical History
Specifically, covered entities must:
- Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
- Identify and protect against reasonably anticipated threats to the security or integrity of the information;
- Protect against reasonably anticipated, impermissible uses or disclosures; and
- Ensure compliance by their workforce.
To meet these requirements, HIPAA lays out a set of safeguards you must implement. These are controls divided into the following groups:
- Risk Analysis and Management
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
- Required and Addressable Implementation Specifications
- Organizational Requirements
- Policies and Procedures and Documentation Requirements
Touchstone Security is a different kind of HIPAA Compliance Consulting partner. We will work with you to create a flexible, streamlined cybersecurity program that integrates directly with your business and provides concrete, measurable security. Our team has experience designing, implementing, and managing cybersecurity compliance programs for dozens of Fortune 500 companies, government agencies, and businesses around the world.