The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.
HIPAA is applicable to:
Directly Affected by HIPAA Non-Compliance
All organizations that directly maintain and transmit protected health information. These include health care providers, hospitals, physician practices, dental practices, health plans, laboratories, health care clearinghouses, pharmacies, etc.
Indirectly Affected by HIPAA Non-Compliance
All third-party vendors and business partners that perform services on behalf of or exchange data with those organizations that directly maintain and/or transmit protected health information. Examples are accountants, lawyers, medical answering services, consultants, billing agencies, etc.
Collect data for specific, explicit purposes. Avoid using it in ways that aren't aligned with the original intent.
Only gather the data absolutely necessary. Excess or irrelevant data should not be collected.
Maintain data that is up to date and correct. Regularly review the data and rectify any inaccuracies.
Retain data only for the required duration. Delete it once it's no longer necessary for its initial purpose.
Our approach is covered in four phases. These include: