HIPAA

Health Insurance Portability and Accountability Act

There are 3 main HIPAA compliance rules:

  1. HIPAA Privacy Rule - Addresses the risk of Protected Health Information (PHI) being compromised or used for identity theft.

  2. HIPAA Security Rule - Outlines the regulations for protecting electronic PHI (ePHI).

  3. HIPAA Breach Notification Rule - Defines the steps an organization must take if it suspects a data breach involving ePHI has occurred.

HIPAA Violations:

  1. Lack of employee training on HIPAA compliance

  2. Database breaches affecting ePHI

  3. Sharing PHI between coworkers

  4. Loss of a laptop or mobile device containing unencrypted ePHI

  5. Improperly disposing of ePHI in ways that make it accessible to unauthorized users

7 Elements of effective HIPAA compliance:

  1. Implementing written policies, procedures, and standards of conduct.

  2. Designating a compliance officer and compliance committee.

  3. Conducting effective training and education.

  4. Developing effective lines of communication.

  5. Conducting internal monitoring and auditing.

  6. Enforcing standards through well-publicized disciplinary guidelines.

  7. Responding promptly to detected offenses and undertaking corrective action.
