HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) poses major challenges for healthcare organizations (HCOs) as they strive to meet compliance requirements. HIPAA, part of a larger legislative effort to make it easier for individuals and small business to get and keep health insurance, includes an 'administrative simplification' section to encourage electronic transactions. This in turn has generated a host of new regulations to ensure the security and privacy of electronically stored medical data.

The Health Insurance Portability and Accountability Act (HIPAA) passed by Congress in 1996 requires all HCOs such as insurance companies, clearinghouses and health providers meet certain federal guidelines to ensure the security and privacy of patient information.

• Information Security - Healthcare organizations must develop and enforce formal security policies and procedures for granting different levels of access to Patient Health Information. This includes authorization to access data, the establishment of account access profiles, and modification of account privileges. All organizations must meet specific industry standards to ensure data system confidentiality, integrity and availability.
• Information Privacy - This component requires that the use of Patient Information be limited to that which is necessary to administer treatment. This information is subject to privacy rules, which limit who has access to patient information, and under what circumstances access is granted.