HIPAA COMPLIANCE

HEALTHCARE IT STANDARDS GOVERNING DATA SECURITY

HIPAA compliance means meeting the Act's requirements and amendments, together with related legislation such as HITECH.

We help companies define their technology strategy toward HIPAA and develop HIPAA-compliant applications.

IS MY HEALTHCARE SOFTWARE SUBJECT TO HIPAA COMPLIANCE?

Introduction

The Health Insurance Portability and Accountability Act sets national standards for safeguarding patient health data. It protects the privacy and security of PHI by setting out rules for how individual health records are handled in electronic form.

The premise here is that every company that processes PHI (protected health information) must comply with HIPAA. However, there are some edge cases in which HIPAA isn't required.

HIPAA-COVERED ENTITIES

Starting with the basics, there are four different types of covered entities:

HEALTH PLANS

Such as health insurance companies, HMOs, company health plans, government programs paying for health care, and the military and veterans health care programs.

HEALTHCARE CLEARINGHOUSES

Entities that process nonstandard health information received from other entities.

BUSINESS ASSOCIATES

Any person or entity that uses or discloses PHI while performing functions, activities, or services on behalf of a covered entity.

HEALTHCARE PROVIDERS

Doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies that transmit any electronic information about a transaction for which the Department of Health and Human Services (HHS) has adopted a standard.

OTHER HIPAA COMPLIANT SUBJECTS

You might think your healthcare app isn't within these types of companies, but here's the trick:

If your app collects, uses, or stores PHI of users and transmits this to any covered entity, your business and product must be HIPAA compliant.

NON HIPAA COMPLIANT SUBJECTS

If your medical app deals with personal health data about the person using it, is exclusively meant for personal use, and:

  • Doesn’t at any point exchange PHI with a covered entity
  • Doesn’t involve personally identifiable user information

then the app is not subject to HIPAA compliance.

To sum up, whether your company is within the covered entities or not, if it transfers or stores PHI, you must comply with HIPAA.

HIPAA COMPLIANCE REQUIREMENTS

It is hard to define exact HIPAA compliance requirements. They are intentionally vague, since the aim is for them to apply equally to any type of Business Associate or Covered Entity that creates, accesses, processes, or stores PHI.

HIPAA SECURITY RULE

It contains the standards that must be applied to safeguard electronically created, processed, accessed, or stored PHI, both in transit and at rest. This rule extends to any person or system that has access to confidential patient data. There are three parts to the Security Rule:

1. Technical safeguards

It addresses the technology that is (...)

HIPAA PRIVACY RULE

The Privacy Rule sets national standards to protect the confidentiality, integrity, and availability of PHI. It states how ePHI can be used and disclosed. It applies to all healthcare organizations, health plan providers and their employees, healthcare clearinghouses, and Business Associates of covered entities.

The Privacy Rule guarantees that appropriate safeguards are implemented in order to protect the privacy of PHI, as (...)

HIPAA BREACH NOTIFICATION RULE

This rule requires Covered Entities to notify patients of a breach of their PHI without unreasonable delay, and in no case later than sixty days after the breach is discovered.

It also requires entities to notify the Department of Health and Human Services of the breach, with a notice to the media if and when the breach affects more than five hundred patients. For smaller breaches, the responsible entity must report via the OCR web portal. These notifications (...)

HIPAA OMNIBUS RULE

The Omnibus Rule was introduced to address areas that had been ignored by previous updates to HIPAA. It clarified procedures and policies, amended definitions, and expanded the compliance list so that it covers Business Associates and their subcontractors.

HIPAA ENFORCEMENT RULE

The Enforcement Rule contains provisions about the investigations that follow a breach of PHI, the penalties that could be imposed, and the procedures for hearings.

Fines are imposed depending on the violation category, the number of records exposed in the breach, the risk posed by the exposure of the data, and the level of negligence involved.

WHAT IS CONSIDERED PROTECTED HEALTH INFORMATION UNDER HIPAA RULES?

PHI is any identifiable health information (past, present, or future) of an individual that is stored, maintained, or transmitted by a HIPAA-covered entity. Information can only be considered PHI if an individual could be identified from it, meaning that if all identifiers are stripped from health data, it stops being protected, and rules no longer apply.

Essentially, any health information is PHI if it includes any of these 18 individual identifiers:

  • Names
  • Dates (except years)
  • Telephone numbers
  • Geographic data
  • Fax numbers
  • Social Security numbers
  • Email addresses
  • Medical record numbers
  • Account numbers
  • Health plan beneficiary numbers
  • Certificate/license numbers
  • Vehicle identifiers, serial numbers, and license plates
  • Web URLs
  • Device identifiers and serial numbers
  • Internet protocol addresses
  • Full face photos and comparable images
  • Biometric identifiers (e.g., retinal scans, fingerprints)
  • Any unique identifying number or code
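
The rule above (health information is PHI only while at least one of the identifier categories is attached to it, and stripping the identifiers takes it out of scope) can be applied mechanically to a record before it is logged, exported, or shared. The following is an added example, not code from this page or any product it describes; the field names, the mapping of fields onto the 18 categories, the free-text patterns, and the sample record are all constructed here.

```python
import re

# Constructed mapping of one record schema onto the page's identifier categories.
# A real application maintains this mapping against its own schema (assumption).
IDENTIFIER_FIELDS = {
    "name", "phone", "fax", "ssn", "email", "mrn", "account_number",
    "beneficiary_number", "license_number", "vehicle_id", "url", "device_id",
    "ip_address", "photo", "biometric", "address", "zip",
}
DATE_FIELDS = {"date_of_birth", "admission_date"}  # dates identify; a bare year does not
HEALTH_FIELDS = {"diagnosis", "medication", "lab_result", "notes"}

YEAR_ONLY = re.compile(r"\d{4}")
# Identifiers that commonly leak inside free text (constructed patterns, not exhaustive).
FREE_TEXT_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "ip_address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "phone": re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),
}

def identifiers_present(record):
    """Return the identifier categories found, either as fields or inside free text."""
    found = set()
    for field, value in record.items():
        if field in IDENTIFIER_FIELDS:
            found.add(field)
        elif field in DATE_FIELDS and not YEAR_ONLY.fullmatch(str(value)):
            found.add("date")
        if isinstance(value, str):
            for category, pattern in FREE_TEXT_PATTERNS.items():
                if pattern.search(value):
                    found.add(category)
    return found

def is_phi(record):
    """Health information counts as PHI only while an identifier remains attached."""
    has_health = any(field in HEALTH_FIELDS for field in record)
    return has_health and bool(identifiers_present(record))

def deidentify(record):
    """Drop identifier fields, reduce dates to the year, redact identifiers in free text."""
    clean = {}
    for field, value in record.items():
        if field in IDENTIFIER_FIELDS:
            continue
        if field in DATE_FIELDS:
            value = str(value)[:4]  # keep only the year, per "Dates (except years)"
        if isinstance(value, str):
            for pattern in FREE_TEXT_PATTERNS.values():
                value = pattern.sub("[REDACTED]", value)
        clean[field] = value
    return clean

# Constructed sample record: a diagnosis plus a name, a record number, a full date,
# and an e-mail address that leaked into the clinical notes.
SAMPLE = {
    "name": "Jane Example", "mrn": "MRN-000123", "date_of_birth": "1984-03-12",
    "diagnosis": "Type 2 diabetes",
    "notes": "Patient asked for results by e-mail: jane@example.org",
}
```

The last category on the list, "Any unique identifying number or code", cannot be caught by a fixed field list, so the schema mapping has to be reviewed whenever a new field is added.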
