Overview

Health Insurance Portability and Accountability Act (HIPAA) is a United States Federal Law and a Federal Health Care Law.
As our primary focus is around "data", we will concentrate on the "Security Rule" provisions and the data transmission related aspects of the Health Insurance Portability and Accountability Act.
Also known as the Kennedy-Kassebaum Act, the Act includes a section, Title II, entitled Administrative Simplification, requiring:
- Improved efficiency in healthcare delivery by standardizing electronic data interchange, and
- Protection of confidentiality and security of health data through setting and enforcing standards.
More specifically, HIPAA called upon the Department of Health and Human Services (HHS) to publish new rules that will ensure:
- Standardization of electronic patient health, administrative and financial data
- Unique health identifiers for individuals, employers, health plans and health care providers
- Security standards protecting the confidentiality and integrity of "individually identifiable health information", whether past, present or future.
Effective compliance requires organization-wide implementation. Compliance requirements include:
- Building initial organizational awareness of HIPAA
- Comprehensive assessment of the organization's privacy practices, information security systems and procedures, and use of electronic transactions
- Developing an action plan for compliance with each rule
- Developing a technical and management infrastructure to implement the plans
- Implementing a comprehensive action plan, including:
  - Developing new policies, processes, and procedures to ensure privacy, security and patients' rights
  - Building business associate agreements with business partners to support HIPAA objectives
  - Developing a secure technical and physical information infrastructure
  - Updating information systems to safeguard protected health information (PHI) and enable use of standard claims and related transactions
  - Training of all workforce members
  - Developing and maintaining an internal privacy and security management and enforcement infrastructure, including providing a Privacy Officer and a Security Officer
More Information

There might be more information for this subject on one of the following:
- [#1] - Report on Best Privacy Practices for R&D in the Wearables - based on information obtained 2016-05-20