HIPAA: A Quick Primer
You deal with HIPAA everytime you visit a medical office. But what is this law that seems to constantly appear anytime you get near a healthcare provider? HIPAA is the acronym for The Health Insurance Portability and Accountability Act of 1996. Aside from allowing for portability of health insurance for the individual, the laws main reason for being is to ensure the protection and privacy of an individual’s medical data. HIPAA strictly regulates the security of medical data, and holds anyone who possesses or touches it in any way liable for any data breach that occurs. HIPAA (1996) and its younger cousin, the HITECH Act of 2006 strictly regulate and monitor the security of all individual medica data in the U.S.
Briefly, HIPAA creates (a) a right for patients to have the privacy of their healthcare data maintained and secured, and it (b) creates security regulations regarding all Protected Health Information and electronic Protected Health Information (any piece of data that can be used to identify an individual) , (c) requires enforcement, as well as (d) notification of appropriate agencies and affected individuals in the case of a data breach.
The law is enforced by the Office of Civil Rights within the Department of Health and Human Services. HIPAA was heavily reinforced by the passage of the HITECH ACT of 2006 which addressed the expansion of electronic health records and dramatically amped up the penalties and enforcement of HIPAA regulations, including a requirement for HHS audits of those entities regulated by the law.
In short, the regulation exists to protect individual privacy, and the law since 2006 has very sharp teeth. The OCR has authority to impose severe penalties, even if an entity did not knowingly fail to be compliant with the law. IT is important to understand how you are regulated by the law, draw up standards to ensure you stay in compliance, and then train everyone in your organization to understand their role in maintaining compliance. Anything less will leave you vulnerable, and you can’t afford the consequences.