HIPAA stands for Health Insurance Portability and Accountability Act. The purpose of this act is to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
HIPAA applies to any organization that handles personal data concerning health, such as treatment providers (e.g., dentist or physician offices, outpatient clinics, imaging centers, hospitals, urgent care centers), insurance companies, health research facilities, and other facilities that handle health care and/or otherwise collect data concerning health.
Generally, companies should ensure the confidentiality, integrity, and availability of all electronic Personal Health Information (e-PHI). They must identify and protect against reasonably anticipated threats to the security of the information, they must protect against reasonably anticipated impermissible uses, and they must ensure compliance by their workforce.
HHS, which governs HIPAA, understands that companies range from small to large businesses, so each company can identify what solutions are appropriate for it. However, some recommended processes, procedures, and controls to implement are:
To get started with HIPAA compliance, you’ll want to first assign a designated security official who will be responsible for developing and implementing HIPAA security policies and procedures. Once your processes and procedures are determined, you’ll want to start training your staff while arranging for a risk analysis to identify any potential issues.
If you have further questions regarding HIPAA or need help with your compliance setup, don’t hesitate to contact us. Our HIPAA Consulting Services will set you up with an experienced HIPAA compliance professional who can help guide your organization towards compliance.