There are two aspects of HIPAA that an organization needs to be aware of to maintain or achieve compliance. The first rule covers patient privacy and the second is about securing patient data.
HIPAA Privacy and Security Rules
The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.
The HIPAA Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information.
Who do the HIPAA Privacy and Security Rules apply to?
Healthcare Providers – This includes providers that transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard. Some examples of healthcare providers include Doctors, Clinics, Psychologists, Dentists, Chiropractors, Nursing Homes and Pharmacies.
Companies that offer Health Plans – Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs. Some examples include Health insurance companies, HMOs, and Company Health Plans.
Health Care Clearing Houses – This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
Risks of not getting a HIPAA Assessment
As you are surely aware, the protection of sensitive data is paramount in the Healthcare Industry due to the type of information collected and stored on a daily basis. Not only is there a moral and ethical responsibility to protect it, but the criminal penalties associated with HIPAA have also increased in recent years, making compliance more important than ever. To help ensure that you are in compliance, a HIPAA Privacy and Security Assessment should be performed.
In our next blog post on HIPAA we will cover what you need to know to comply with the HIPAA Privacy and HIPAA Security Rules.