Enterprise Security and HIPAA in Healthcare
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information (see Pub. L. 104-191)
HHS published the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, established Standards for the protection of Protected Health Information (PHI). The Security Standards for the Protection of Electronic Protected Health Information (ePHI) (the Security Rule) established a security Standards for protecting health information (either held or transferred in electronic form).
The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “HIPAA covered entities” must put in place to secure e-PHI.
Office for Civil Rights (OCR) within HHS has responsibility for enforcing the Privacy and Security Rules with voluntary compliance activities and civil money penalties.
Managing the complexity of security continues to be the most important challenge healthcare organizations. Hacking is the leading cause of privacy breaches.
The HIPAA Security Rule requires that Covered Entities that create, stores, or transmit ePHI, must designate a privacy officer.
HIPAA Expert Witness