5 Security Awareness Tips for HIPAA Compliance

The Healthcare field generates a lot of information that is very private. To address this issue, Congress passed what was originally known as the Kennedy-Kassebaum bill but was later changed to Health Insurance Portability and Accountability Act, or HIPAA. HIPAA was intended to help people carry their health insurance from one company to another, as well as to streamline the movement of medical records from one health care institution to another.

At the micro level, HIPAA covers “‘individually identifiable health information’ held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral. The Privacy Rule calls this information protected health information”. Protected health information, or PHI, and electronic PHI, or ePHI is the heart of what HIPAA is intended to protect. An example of PHI would be fax containing, and an example of ePHI would be an electronic record on a computer that contains PHI. It should be noted that with the prevalence of computers in the healthcare field, ePHI is the most common form.

With this said, a covered entity or its business associate must protect against the misuse of both forms of PHI. This article details 5 security awareness tips that will help covered entities better protect PHI and maintain compliance with HIPAA.

According to HIPAA, a “covered entity” is defined as health plans, health care clearinghouses, and health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards. Basically, these transactions concern billing and payment for healthcare services or insurance coverage. These covered entities include hospitals, academic medical centers, physicians, and other healthcare providers who electronically transmit claims transaction information directly or through an intermediary to a health plan are covered entities. General examples of covered entities include (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/umDcpkFgFSk/