There’s a good chance you’ve come across the acronym “HIPAA” and/or the phrase HIPAA compliance at some point.
However, you may not fully understand what it means.
HIPAA stands for the Health Insurance Portability and Accountability Act, which was enacted in 1996 to deal with issues involving patient data protection.
In short, any company that deals with protected health information is required by law to have security measures in place to ensure HIPAA compliance.
In addition to the company itself, covered entities, business associates, and subcontractors – among others – must also be in compliance at all times.
HIPAA Privacy Rule
According to the U.S. Department of Health & Human Services, the HIPAA Privacy Rule is as follows:
“Establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.”
With this rule in place, safeguards must be used to protect the privacy of all personal health information, while also setting limits on uses and disclosures.
HIPAA Security Rule
The U.S. Department of Health & Human Services also shares information on the HIPAA Security Rule, noting the following:
“The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.”
As you can see, the Security Rule pertains specifically to electronic personal health information, which continues to become more common as health care operations move online.
HIPAA Compliance is Important
Without HIPAA compliance, companies with access to personal health information and records would be able to do whatever they want with sensitive data.
HIPAA compliance is more important than ever before, as a growing number of medical providers and insurance companies move to electronic operations, such as electronic health records and computerized physician order entry.
While advanced technology improves efficiency, it also increases the potential for security risks.
Thanks to HIPAA, organizations dealing with protected health information must strictly follow all compliance rules and regulations.
Non-compliance can result in a variety of penalties depending on the level of negligence, with a maximum fine of $1.5 million per year.
Note: non-compliance can also result in criminal charges, with a conviction leading to a possible prison sentence.
In short, HIPAA compliance is extremely important both for business entities and for patients.