!!! Overview
[{$pagename}] ([HIPAA]) is a [United States Federal Law] and a [Federal Health Care Law].

As our primary focus is around "[data]" and, specifically, [Health information], we will concentrate on the "Security Rule" provisions and data transmission related aspects of [{$pagename}].

%%warning
Never trust [{$applicationname}]. Always perform your own due diligence. [Standard Disclaimer|Standard Disclaimer]
%%

!! [Health Information Portability and Accountability Act (HIPAA)|http://aspe.hhs.gov/admnsimp/pl104191.htm]
In basic terms, the [{$pagename}]

The [HIPAA Privacy Rule] covers [Protected Health Information] in any medium while the [HIPAA Security Rule] covers electronic [Protected Health Information].

Also known as the Kennedy-Kassebaum Act, the Act includes a section, Title II, entitled Administrative Simplification, requiring [Compliance]:
# Improved efficiency in healthcare delivery by standardizing electronic data interchange, and
# Protection of [confidentiality] and [security] of health data through setting and enforcing standards.

More specifically, HIPAA called upon the [United States Department of Health and Human Services] ([HHS]) to publish new [Regulatory compliance] rules that will ensure:
# Standardization of electronic [patient] health, administrative and [Financial Data]
# Unique health identifiers for individuals, employers, health plans and health care providers
# Security standards protecting the [confidentiality] and [integrity] of "individually identifiable health information," past, present or future.

Effective [compliance] requires organization-wide implementation.
[Compliance] requirements include:
* Building initial organizational awareness of [HIPAA]
* Comprehensive assessment of the organization's [privacy] practices, information security systems and procedures, and use of electronic transactions
* Developing an action plan for [compliance] with each rule
* Developing a technical and management infrastructure to implement the plans
* Implementing a comprehensive implementation action plan, including
** Developing new policies, processes, and procedures to ensure [privacy], [security] and [patients]' rights
** Building business associate agreements with business partners to support HIPAA objectives
** Developing a secure technical and physical information infrastructure
** Updating information systems to safeguard [Protected Health Information] ([PHI]) and enable use of standard claims and related transactions
** Training of all workforce members
** Developing and maintaining an internal privacy and security management and enforcement infrastructure, including providing a [Privacy Officer] and a [Security Officer]

!! Data Generated By [Patient]
Generally, [Data] Generated By [Patient] is "mostly outside of the disclosure restrictions and requirements found in the [{$pagename}] ([HIPAA])"[1]

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Report on Best Privacy Practices for R&D in the Wearables|https://cdt.org/files/2016/05/2016-05-17-Fitbit-FNL1.pdf/|target='_blank'] - based on information obtained 2016-05-20-