Health Insurance Portability and Accountability Act (HIPAA)
In 1996 the US government signed into law HIPAA (Health Insurance Portability and Accountability Act). After much debate and review the Security Rule was finalized, and later the Privacy Rule.
Both rules took full effect as of April 2005, and enforcement was assigned to separate departments of HHS (Health and Human Services). With these latest developments HIPAA has finalized requirements, is now a law, and is enforceable.
Many have fallen into the trap of thinking HIPAA is nothing to worry about. DON'T believe the lie!! Yes, it took 10 years (1996 - 2006) for the wrinkles to be ironed out, but HIPAA is here and, as the courts have already proven, here to stay.
For those who are unaware, HIPAA affects any and all businesses that hold health-related information. [What HIPAA calls CE (Covered Entities)]
The obvious ones are hospitals, doctors, and other medical practitioners. Often overlooked are Health Plans, Health Insurance Companies, and Companies with Health data in their HR records. These qualify also.
The focus of HIPAA at this time is PHI (Protected Health Information). HIPAA has started setting goals or requirements to Protect (Privacy) and Secure (Security) an individual's health information. Once these are fully accomplished and enforced, portability will be addressed. Portability means improving the flow of information between VALID medical practitioners, and it will establish a standard of 'Who Needs to Know'.
Is HIPAA necessary? Those who have been victims of Identity Theft can attest to the fact first hand. Look at the major impact individuals have felt with the loss of financial information.
Call ISSCP
For awareness education, or a better understanding of HIPAA, please call us.
To be confident you are covered and have complied with all requirements, please make an appointment with our consultant.
It is our goal to help you become knowledgeable, compliant and protected.
Allow us to:
Ensure that e-mail containing PHI is secure when transmitted over an unprotected link.
Ensure that e-mail systems and users are properly authenticated so the PHI is not leaked out.
Protect your e-mail servers and messages where PHI may exist.
Check your networks for security and privacy.
Improve your procedures and policies, to ensure PHI is always secure and protected.
Penalties 
HIPAA does carry a financial penalty should a violation take place. Noncompliance can result in fines up to $250,00.00 and 10 years in prison for both individuals and organizations found in breach of HIPAA due to lack of Due Diligence.
For more HIPAA information, please go to http://www.hhs.gov/ocr/hipaa/