The Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA, is a series of regulatory standards that outline the lawful use and disclosure of protected health information (PHI). HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain healthcare transactions electronically. The Privacy Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.
The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. In addition, the Security Rule requires each healthcare organization to conduct an annual Security Risk Analysis as the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications in the Security Rule.
The HPS Solution
HPS Solutions facilitates the development, implementation, and monitoring of the healthcare organization’s HIPAA compliance program. The program includes the development of the HIPAA Privacy & Security Manual, employee training, and auditing services, including:
- HIPAA Security Risk Assessment (HIPAA SRA)
- HIPAA Breach Risk Assessment