What is HIPAA Compliance?
HIPAA stands for the Health Insurance Portability and Accountability Act, a U.S. federal law enacted in 1996 as an attempt at incremental healthcare reform. It was subsequently revised in 2009 with the ARRA/HITECH Act and again in 2013 with the Omnibus Rule. Prior to HIPAA, there was no generally accepted set of security standards or general requirements for protecting health information in the health care industry. At the same time, new technologies were evolving, and the health care industry began to move away from paper processes and rely more heavily on electronic information systems to pay claims, answer eligibility questions, provide health information, and conduct a host of other administrative and clinically based functions.
What’s tricky about HIPAA compliance is that the healthcare industry is so diverse. For that reason, these security standards were designed to be flexible and scalable, so a covered entity can implement policies, procedures, and technologies that are appropriate to its business. The Security Rule is made up of 3 parts:
- Technical Safeguards: focus on the technology that protects PHI and controls access to it.
- Physical Safeguards: a set of rules and guidelines that focus on physical access to PHI.
- Administrative Safeguards: a collection of policies and procedures that govern the conduct of the workforce and the security measures put in place to protect ePHI.
Failure to comply with HIPAA regulations can result in substantial fines being issued, and in criminal charges and civil action lawsuits being filed, should a breach of ePHI occur. There are also regulations you need to be aware of covering breach reporting to the OCR and the issuing of breach notifications to patients. 2W Tech has a Cyber Security Compliance Program that is designed to support our clients’ compliance obligations. Most organizations must abide by and maintain a standard for controls that safeguard the confidentiality and privacy of the information they store and process. We work hand in hand with you to learn more about your compliance requirements, help obtain proper agreements, and access relevant system architecture information. Give us a call today to get started on your journey to achieving compliance.