Risk Management Framework


The Health Insurance Portability and Accountability Act (HIPAA) of 1996, through its Administrative Simplification provisions, established federal requirements for the confidentiality and privacy of individually identifiable health information in every form. Any organization that handles, processes, transmits, receives, or stores a patient's health information must meet HIPAA compliance requirements.

Framework Summary

The Department of Health and Human Services (HHS) requires administrative, physical, and technical safeguards for protected health information in order to be HIPAA compliant. To help organizations understand these requirements, HHS published two rules: the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule sets standards for the confidentiality of Protected Health Information (PHI) in all forms, whether paper, spoken, or electronic. The Security Rule applies specifically to electronic PHI (e-PHI) and defines the compliance requirements for the technical processes and other technical components used to safeguard that data.

According to the HHS website, covered entities that create, receive, maintain, or transmit e-PHI must:

  1. Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
  2. Identify and protect against reasonably anticipated threats to the security or integrity of the information;
  3. Protect against reasonably anticipated, impermissible uses or disclosures; and
  4. Ensure compliance by their workforce.
