Risk Management Framework

HIPAA

Health Insurance Portability and Accountability Act (HIPAA) of 1996 was created to protect all forms of health information confidentiality and data privacy. Organizations who handle, process, transfer, receive or store any patient's health information must adhere to HIPAA compliance requirements.

Framework Summary

The Department of Health and Human Services requires both technical safeguards and physical safeguards for protected health information in order to be HIPAA compliant. To help organizations understand these requirement, HHS published two rules: the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule protects all forms of Protected Health Information (PHI) and its confidentiality. The Security Rule provides guidelines for electronic PHI and compliance requirements for technical processes and other technical components of safeguarding this data.

‍

According to the HHS website, entities protecting e-PHI must:

Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
Identify and protect against reasonably anticipated threats to the security or integrity of the information;
Protect against reasonably anticipated, impermissible uses or disclosures; and
Ensure compliance by their workforce.

‍

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Preferences Deny Accept

Risk Management Framework

HIPAA

Framework Summary

Free Discovery Session

Services

Resources

Company