What is HIPAA?
HIPAA stands for Health Insurance Portability and Accountability Act. It is specifically designed to protect patient information. With the increase in electronic medical records, it ensures that patients' personal data does not get into the wrong hands. HIPAA compliance is enforced by the Office for Civil Rights (OCR) and regulated by the Department of Health and Human Services (HHS). To know more about HIPAA, visit here.
Who is the OCR?
- Maintains HIPAA compliance
- Investigates HIPAA violations
- Provides routine guidance on new issues affecting health care
- Enforces the Privacy and Security Rules
PHI (Protected Health Information)
PHI is information in a person's medical record that was created, disclosed or used during the patient's treatment or diagnosis and that can be used to identify the person, e.g. name, address, contact number, medical record, etc.
Who Needs To Be HIPAA Compliant?
Any company that handles PHI must be HIPAA compliant. This includes Covered Entities and Business Associates.
Covered Entities (CE): health care providers, health insurers and many other professionals whose daily work involves handling individual medical information.
Business Associates: an organization, or a person working in an organization, that provides services to covered entities, e.g. billing companies, medical equipment companies, etc.
HIPAA Privacy Rule
Issued by the United States Department of Health and Human Services to restrict the use and disclosure of personal information belonging to patients or consumers of healthcare services. The Rule also gives patients rights over their health information, including the right to examine and obtain a copy of their health records and to request corrections.
HIPAA Security Rule
The HIPAA Security Rule deals with electronic Protected Health Information (ePHI), which is a subset of the PHI covered by the Privacy Rule. The Security Rule requires the implementation of three kinds of safeguards: administrative, physical and technical.
- Administrative safeguards are the rules and procedures that help protect against a breach; they also ensure that the physical and technical protections are implemented properly and consistently.
- Physical safeguards make sure data is physically protected from unauthorized access.
- Technical safeguards are the technology and related policies that protect data from unapproved access.
The HIPAA Titles
Title 1: Health insurance coverage is protected for workers and their families when they change or lose their jobs.
Title 2: Establishes national standards for processing electronic healthcare transactions and requires healthcare organizations to implement secure electronic access to health data.
Title 3: Provides certain deductions for medical insurance and makes other changes to health insurance law.
Title 4: HIPAA creates additional expectations for health insurance, such as new protections for anyone who has a “pre-existing” illness or wants to keep their plan active.
Title 5: Contains provisions related to the treatment of individuals who lose U.S. citizenship for income tax purposes, and to company-owned life insurance.
Companies can reduce the uncertainty of regulatory action by participating in HIPAA compliance training programs. The OCR offers six programs in total that aim to educate employees about the Security and Privacy Rules. Many other training groups and consultancies offer programs, too. Read more about SOC 2 compliance here.