HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It is a set of mandatory standards to manage the use and disclosure of healthcare data, known as Protected Health Information or PHI. Complying with HIPAA is mandatory for all Healthcare Providers, Business Associates (Vendors of Healthcare Providers), Healthcare SaaS companies, and any Organization that directly or indirectly works with PHI. HIPAA has been amended to include additional rules that expand its scope and applicability.
The Office for Civil Rights (OCR) enforces HIPAA, while the Department of Health and Human Services (HHS) regulates HIPAA compliance. The OCR regularly publishes recommendations on new issues affecting healthcare and investigates common HIPAA violations.
Protected Health Information (PHI)
Any identifiable health-related data used, stored, maintained, or shared by an entity is considered PHI. It covers every aspect of a patient’s information. The HHS has identified 18 HIPAA identifiers. They are:
HIPAA comprises several rules focused on protecting PHI: the HIPAA Security Rule, the HIPAA Privacy Rule, the HIPAA Breach Notification Rule, the HIPAA Omnibus Rule and the HIPAA Enforcement Rule. Each rule carries specific safeguards and guidelines to ensure that Protected Health Information is handled with the utmost care.
Organizations that are covered under HIPAA can avoid penalties, fines, and jail time for violating these HIPAA rules by ‘De-identifying PHI’. De-identification means removing the association between a patient and their health information. Once it is de-identified, the data set is no longer covered under HIPAA. The organization itself continues to be covered under HIPAA, but this security measure significantly reduces its risk. The HHS recommends 2 methods to de-identify health data.
If you are looking for support to implement or evaluate your level of HIPAA Compliance, or if you have any questions about HIPAA compliance and would like to connect with a HIPAA Expert, please get in touch with us for a free consultation. If you are looking for a convenient Do-It-Yourself HIPAA Attestation Kit, you can sign up for a free trial.