Cybersecurity and HIPAA/HITECH Compliance

HIPAA (Health Insurance Portability and Accountability Act)

Enacted in 1996, the federal Health Insurance Portability and Accountability Act (HIPAA) requires the establishment of national standards for electronic healthcare transactions and also addresses the security and privacy of health data.

Among its most significant provisions is the requiring of the Department of Health and Human Services (HHS) to draft rules aimed at increasing the efficiency of the healthcare system by creating standards for the use and dissemination of healthcare information. The HIPAA Privacy Rule regulates the use and disclosure of certain information held by such covered entities as employer-sponsored health plans, health insurers, billing services, community health information systems, and medical service providers that engage in certain transactions.

It establishes regulations for the use and disclosure of protected health information - any information held by a covered entity that concerns health status, provision of healthcare, or payment for healthcare that can be linked to an individual. This includes any part of an individual's medical record or payment history. A person who believes that the HIPAA Privacy Rule is not being upheld can file a complaint with HHS's Office for Civil Rights.

HITECH (Health Information Technology for Economic and Clinical Health)

The Health Information Technology for Economic and Clinical Health (HITECH) Act addresses the privacy and security concerns associated with the electronic transmission of health information. It imposes rules for the accounting of a patient's health information disclosures, including information used to carry out treatment, payment and healthcare operations when an organization is using an electronic health record.

The HITECH Act also imposes notification requirements on covered entities, business associates, vendors of personal health records and related entities should a breach of unsecured protected health information occur.

In April 2009, the HHS issued guidance on how to secure protected health information appropriately. Network Box USA is fully conversant with this guidance. Moreover, we have the experience and expertise to help those in the healthcare industry comply with the full complement of security and privacy provisions mandated by the HIPAA and HITECH Acts.

Click here to learn more about how Network Box USA can help you protect your healthcare network.