HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996,
requires covered entities to protect the health care information they
electronically collect, maintain, utilize, or transmit. The Final Security Rule,
published in the Federal Register on February 20, 2003, set standards for the
security of electronic health information.
This standard has three basic components:
- Administrative procedures - Certification, chain of trust partner agreement, contingency plan, formal mechanisms for processing records, information access control, internal audits, personnel security, security configuration management, security incident procedures, security management process, termination procedures, and training.
- Physical safeguards - Assigning security responsibility, physical access controls, policy/guideline on workstation use, secure workstation location, and security awareness training.
- Technical security mechanisms - Communications and network controls