A brief introduction to HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996, popularly known as HIPAA, is a series of regulatory standards that set out rules for the use and disclosure of protected health information (PHI). Compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR). HIPAA compliance requires covered entities and business associates to follow rules intended to protect and secure PHI as prescribed by the Act. These regulations were introduced to protect the privacy, security, and integrity of protected health information.

What is Protected Health Information?

Protected health information (PHI) is data or information about a patient or client receiving healthcare services. Common examples of PHI include names, addresses, phone numbers, Social Security numbers, medical records, financial information, and full facial photos, to name a few. PHI that is transmitted, stored, or accessed electronically falls under the HIPAA regulatory standards and is known as electronic protected health information, or ePHI.

Who needs to be HIPAA compliant?

The HIPAA regulation identifies two types of organizations that are expected to be HIPAA compliant.

Covered Entities:

As defined by the HIPAA regulation, a covered entity is any individual or organization that collects, creates, or transmits PHI, physically or electronically. Healthcare organizations that are considered covered entities include doctors, nurses, and insurance companies who have direct access to PHI.

Business Associates:

As defined by the HIPAA regulation, business associates are those that encounter or gain access to PHI in any way while performing work for a covered entity. A business associate can be any individual or organization working with a covered entity in a non-healthcare capacity, but it is equally responsible for maintaining HIPAA compliance. Because a wide range of service providers is directly or indirectly involved in handling, transmitting, and processing PHI, business associates can include billing companies, third-party consultants, IT providers, faxing companies, shredding companies, physical storage providers, cloud storage providers, email hosting services, attorneys, accountants, administrators, and many others who work in the healthcare industry and have access to PHI.

Also, watch the webinar on HIPAA Basics.

This article was originally published on the VISTA InfoSec blog:

https://www.vistainfosec.com/blog/a-brief-introduction-to-hipaa-compliance/


More articles by Narendra Sahoo
