The Health Insurance Portability and Accountability Act (HIPAA) of 1996 allows the federal government to mandate the ways in which health care organizations store and transmit individuals’ personal health information.
Your information technology (IT) partner should understand how the Privacy Rule and the Security Rule affect implemented systems and software.
The Privacy Rule
The Privacy Rule establishes minimum Federal standards for safeguarding the privacy of individually identifiable health information.
Health plans, health care clearinghouses, and certain health care providers must comply with this Rule.
Individuals are given certain rights by the Privacy Rule, including access to health information records and when certain types of health information are shared with other people and organizations.
The Security Rule
Companies that are covered by HIPAA are also required to take specific steps to protect electronic protected health information (ePHI).
All security requirements can be defined as one of three basic safeguards:
- administrative
- physical
- technical
Basic requirements include:
- Adopting policies and procedures to protect ePHI
- Adopting policies and procedures to protect the security of patient information, including a policy on workstation use
- Developing and implementing data access control procedures
- Implementing technical mechanisms to prevent unauthorized access
- Establishing a reporting and response system for confidentiality violations
The HIPAA Privacy and Security Rule requirements are designed to be technology neutral and scalable from the smallest to the largest companies and organizations. Compliance with the requirements of the Privacy and Security Rules is typically achieved through a custom combination of software and process.
I'll follow up with another article describing more