Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.

HIPAA is applicable to: 

Directly Affected from HIPAA Non-Compliance
All organizations that directly maintain and transmit protected health information. These include health care providers, hospitals, physician practices, dental practices, health plans, laboratories, health care clearing houses, pharmacies, etc.

Indirectly Affected HIPAA Non-Compliance
All third-party vendors and business partners that perform services on behalf of or exchange data with those organizations that directly maintain and/or transmit protected health information. Examples are accountants, lawyers, medical answering services, consultants, billing agencies, etc.

The objectives of HIPAA are:

• Standardization of electronic patient/ health, administrative and financial data
• Unique health identifiers for individuals, employers, health plans and health care providers
• Security standards to provide physical, technical and administrative safeguards to protect the integrity, availability and confidentiality of health information.
• Privacy standards to ensure administrative and physical safeguards to protect the privacy and confidentiality of health information, and to protect against unauthorized access.

Our approach has been covered in a 4-phases. These include: 

Phase 1: Governance & Planning
Phase 2: Gap Analysis
Phase 3: Implementation 
Phase 4: Privacy Compliance, Risk Management Framework & Audit