What is HIPAA Compliance?
The Health Insurance Portability and Accountability Act (HIPAA), enforced by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), mandates cybersecurity standards for businesses in the healthcare and health insurance industries that handle protected health information (PHI).
Title II of HIPAA establishes policies and procedures for maintaining the privacy and security of identifiable health information, outlines potential offenses relating to health care, and details civil and criminal penalties for violations. It contains five rules designed to increase the efficiency of the health care system by creating standards for the use and dissemination of healthcare information.
HIPAA requires “covered entities” to implement security and data privacy controls to protect patients’ health information from unauthorized access. The HIPAA rules apply equally to every type of covered entity, including health plans, health care clearinghouses, and health care providers that transmit healthcare data in a manner regulated by HIPAA. Business associates that create, access, process, or store PHI are also required to be HIPAA compliant.
Covered entities include health plan providers, healthcare providers, healthcare clearinghouses, and many more businesses; all of them must implement the same security and data privacy controls to protect patients’ health information from unauthorized access.
While HIPAA was first signed into law in 1996, it has been amended several times to keep pace with the evolving cybersecurity practices used to combat digital data breaches within the healthcare industry.