HIPAA - Health Insurance Portability and Accountability Act


An overview of the Act


The Health Insurance Portability and Accountability Act, popularly known as HIPAA, was enacted by the US Congress in 1996. The act was created in response to the rapid technological advancements that have heavily influenced the health care industry. Health care providers all over the US have moved most of their patient health records to a computerized format to facilitate easy access to and transmission of that information. Following several breaches of sensitive individual health information, the US Government enacted HIPAA to ensure accountability, effectiveness and security of sensitive individual health information.
An important aim of HIPAA is to bring about accountability among the several organizations involved with healthcare all around the US, and their partners. Health care providers (including clinics and hospitals), Health Plan providers, Health care clearinghouses and their business associates who store, process or transmit any health information are under the purview of HIPAA. These entities are referred to in the act as Covered Entities. The objective of accountability is achieved by establishing several clauses mandating the privacy and confidentiality of Individually Identifiable Health Information (IIHI) and Protected Health Information (PHI).
Individually Identifiable Health Information is the identifiable health information and demographic information collected from an individual. Protected Health Information (PHI) is the individually identifiable health information that is stored, processed or transmitted by the covered entity, regardless of form. This information includes the name, social security number, date of birth and several other elements of personal information and health information of an individual.
As part of the Security Rule of the Act, Covered Entities and their business associates have to take all possible precautions to ensure the confidentiality, integrity and availability of Electronic PHI that is stored, processed or transmitted. To that end, technical, physical and administrative security measures need to be implemented so that PHI is protected against security breaches.


Why we45?


Information Security is one of the critical requirements for HIPAA Compliance. HIPAA requires a Risk Assessment to be performed by the entity coming in contact with PHI. The security controls for PHI that is stored, processed or transmitted are based on the controls derived from the Risk Assessment program. Security controls may include different facets of security, such as physical security, network security, host security and application security. we45 has a strong compliance program to ensure that organizations are able to successfully comply with the HIPAA requirements. In conjunction with its Risk Assessment Services, we45 also provides detailed guidance and implementation expertise for the comprehensive application of controls for HIPAA compliance.

Copyright © 2011 we45 Solutions India Pvt Ltd.