The HIPAA Act
The Health Insurance Portability and Accountability Act (HIPAA) is a law enacted by the US Congress to address the protection of healthcare information. The HIPAA Privacy Rule and Security Rule provide federal protections for personal health information (PHI) held by covered entities and give patients an array of rights with respect to that information. The Privacy Rule provided the first nationally recognized regulations for the use and disclosure of an individual's health information. The Security Rule established a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Security Rule developed the mechanics for implementing the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that covered entities must put in place to secure individuals' electronic protected health information (e-PHI). The Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible for enforcing the Privacy and Security Rules and imposing monetary penalties for non-compliance.
Overview of the Privacy Rule
- Gives patients control over the use of their health information
- Defines boundaries for the use and disclosure of health records by covered entities
- Establishes US national-level compliance standards for healthcare providers
- Helps to limit the use of PHI and minimizes chances of inappropriate and unauthorized disclosure
- Provides authority to investigate compliance-related issues and hold violators accountable with civil and criminal penalties
- Permits the disclosure of PHI for individual healthcare needs, public benefit, and national interests
Overview of the Security Rule
Requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.
This includes:
- Ensure the confidentiality, integrity, and availability of all e-PHI created, received, maintained or transmitted
- Identify and protect against reasonably anticipated threats to the security or integrity of the information
- Protect against reasonably anticipated, unauthorized uses or disclosures
- Ensure compliance by the entity's workforce