Health Insurance Portability and Accountability Act (HIPAA)

HIPAA - HITECH

The US federal law and its implementing regulations that define how most personal health information must be handled by the organizations responsible for managing it. The HITECH Act of 2009 extended HIPAA's privacy and security requirements and strengthened enforcement, including breach notification.

The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other personal health information. It applies to health plans, health care clearinghouses, and health care providers that conduct certain health care transactions electronically.


HIPAA Definitions:

US Department of Health and Human Services (HHS) Office for Civil Rights (OCR): the entity that enforces HIPAA.

Covered Entity:

HHS-OCR defines a covered entity as a health plan, a health care clearinghouse, or a health care provider that transmits health information electronically in connection with a HIPAA-covered transaction.

Business Associate:

Any vendor or other organization that performs a function or service for a covered entity and, in doing so, creates, receives, maintains or transmits PHI on the covered entity's behalf.

Protected Health Information (PHI):

Any information about health status, provision of health care, or payment for health care that is created or maintained by a covered entity and can be linked to a specific individual.

HHS- OCR "Wall of Shame":

Breach portal: "Notice to the Secretary of HHS of Breach of Unsecured Protected Health Information." OCR publicly lists reported breaches affecting 500 or more individuals.

Why Compliance Is Essential:

US law states that all individuals have a right to expect that their private health information will be kept private and used only to support their health care.

There are significant enforcement penalties if a covered entity or business associate is found in violation.

HHS-OCR can conduct unannounced audits of a covered entity together with its business associates, or of a business associate alone.

Comparable laws in other jurisdictions:

  • Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
  • European Union: General Data Protection Regulation (GDPR), which replaced the earlier Data Protection Directive

HIPAA Security Rule:

The Security Rule requires covered entities (and, under HITECH, business associates) to maintain reasonable and appropriate administrative, technical and physical safeguards for protecting electronic PHI (e-PHI). Specifically, they must:

  • Ensure the confidentiality, integrity and availability of all e-PHI they create, receive, maintain or transmit.
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information.
  • Protect against reasonably anticipated, impermissible uses or disclosures, and ensure compliance by their workforce.

Technical Safeguards:

  • Access Control: allow only authorized persons or software programs to access e-PHI.
  • Audit Controls: record and examine activity in systems that contain or use e-PHI.
  • Integrity Controls: ensure e-PHI is not improperly altered or destroyed.
  • Person or Entity Authentication: verify that a person or entity seeking access to e-PHI is who they claim to be.
  • Transmission Security: guard against unauthorized access to e-PHI while it is transmitted over a network.

