HIPAA, the Health Insurance Portability and Accountability Act of 1996, is United States legislation passed by Congress that provides data privacy and security provisions for safeguarding medical information.
The HIPAA Privacy Rule applies to organizations that are considered HIPAA-covered entities, including health plans, healthcare clearinghouses and healthcare providers. In addition, the HIPAA Privacy Rule requires covered entities that work with a HIPAA business associate to produce a contract that imposes specific safeguards on the PHI that the business associate uses or discloses.
The Security Standards for the Protection of Electronic Protected Health Information, commonly known as the HIPAA Security Rule, establishes national standards for securing patient data that is stored or transferred electronically. The rule requires the placement of safeguards, both physical and electronic, to ensure the secure passage, maintenance and reception of protected health information (PHI).
HIPAA violations are expensive. The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision.
To comply with the Security Rule’s implementation specifications, covered entities are required to conduct a risk assessment to determine the threats or hazards to the security of ePHI and to implement measures that protect against these threats and against uses and disclosures of information that are not permitted by the Privacy Rule. A risk assessment should be tailored to the covered entity’s circumstances and environment, including the following:
Size, complexity and capabilities of the covered entity
The covered entity’s technical infrastructure, hardware and software security capabilities
The probability and criticality of potential risks to ePHI
The costs of security measures
HIPAA compliance can be very complex. To schedule a free one-hour consultation, please fill out the simple form, and one of our cybersecurity professionals will respond to you promptly.