HIPAA is the Health Insurance Portability and Accountability Act, enacted by the U.S. Congress in 1996. Its purpose was to improve how healthcare entities protect sensitive patient information. Since then, new rules have been added to HIPAA to strengthen the existing levels of protection.
HIPAA applies to several kinds of covered entities, including health plans, healthcare clearinghouses, and healthcare providers that electronically transmit any protected health information (PHI). It also reaches their business associates, which may include third-party vendors, attorneys, accountants and cloud service providers.
What happens in non-compliance
Any entity not in compliance with HIPAA could face severe fines or criminal punishment. The goal of HIPAA is to have technical, physical and administrative policies and procedures in place to protect PHI, so that the privacy, integrity and availability of this data are safeguarded.
No two providers are alike
HIPAA is flexible and scalable based on the type of covered entity. As technology becomes an ever more integral part of how the healthcare system operates, the security measures each covered entity employs must be developed for the environment it actually has. Covered entities must perform security risk assessments and put plans and measures in place to effectively manage their current and potential risks.
Cyberattacks aimed at retrieving personal patient information are very common in the healthcare industry. Although business associate contracts are in place, if a HIPAA breach occurs the responsibility still falls upon the main covered entity.
Each year, organizations subject to the HIPAA rules incur fines that can exceed millions of dollars. This is why it is so important to ensure that all technical, physical and administrative standards are up to par and exceed the expectations of the HIPAA rules. From the employees to the types of technology in use, maintaining compliance with the HIPAA guidelines is key.