HIPAA Privacy Rule


This rule establishes standards for the protection of patient privacy rights, including controls on access to and disclosure of personal data, whether inside or outside an organization. The Privacy Rule applies to paper records as well as electronic records and messages, and is designed to restrict access to individual health data to the minimum necessary.


HIPAA Security Rule

This rule establishes standards and requirements to ensure the confidentiality and integrity of protected health information (PHI) in electronic records during transmission and storage. The rule requires administrative, physical, and technical safeguards.


What do I need to do to be HIPAA compliant?


Keeping Your Practice HIPAA Compliant

In 1996 Congress enacted the Health Insurance Portability and Accountability Act to impose sweeping standards for the privacy and protection of all electronic health information that can be linked to an individual. Any entity providing medical or dental care must follow these standards.

Under this act there are several things your practice is required to do, including but not limited to:

  • Ensuring the confidentiality, integrity, and availability of all electronic protected health information your practice receives, maintains, or transmits
  • Protecting against any reasonably anticipated threats or hazards to such information
  • Protecting against any reasonably anticipated disclosures to any individual not authorized to view the information
  • Ensuring compliance with these rules by your staff


To remain compliant with this act, each practice or covered entity is required to establish, and implement when necessary, a contingency plan to protect the EPHI (Electronic Protected Health Information) of its patients in an emergency such as fire, vandalism, natural disaster, or system failure. This contingency plan should consist of:

  • Data Backup Plan
  • Disaster Recovery Plan
  • Emergency Mode of Operation Plan


Each practice is also responsible for implementing physical safeguards for protected information as follows:

  • Policies and procedures to limit physical access to EPHI.
  • A contingency plan that enables the practice to restore data in the case of a disaster or emergency.
  • Encryption and decryption of electronic data being transmitted by any means.
  • Audit controls that monitor and record activity in any system containing EPHI.
  • Safeguards against unauthorized access by outside parties to electronic records being transmitted over an electronic communications network.

HIPAA



The Health Insurance Portability and Accountability Act, also known as HIPAA, was put in place by Congress in 1996 to impose sweeping standards for the privacy and protection of all electronic health information that can be linked to an individual. The act is also intended to improve the efficiency and effectiveness of the health care system by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information.



There are two main parts to this act: