This article provides a brief introduction to compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Additional information about HIPAA compliance may be found on the HHS website and in other sources on the internet.
What is HIPAA Compliance?
HIPAA (Health Insurance Portability and Accountability Act of 1996) requires businesses that process, store or transmit electronic protected health information (ePHI or PHI) to comply with strict administrative, physical and technical safeguards. HIPAA also applies to health plans, health care clearinghouses, and any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA (the "covered entities"), and to their business associates. The HITECH Act of 2009 expanded the responsibilities of business associates under the HIPAA Security Rule. HHS developed regulations to implement and clarify these changes.
Listed below are some of the main requirements for maintaining HIPAA compliance.
- Implement a means of access control
- Introduce activity logs and audit controls
- Facilitate automatic log-off of PCs and devices
- Establish policies for the use and positioning of workstations
- Maintain an inventory of hardware
- Conduct risk assessments
- Develop a contingency plan
- Restrict third-party access
- Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, the harmful effects of known security incidents
- Encrypt data and email
Do I need to be HIPAA Compliant?
If you are an entity that transmits or stores health information in electronic form, including a law firm, then yes, you must comply with HIPAA.