Whether you are a large hospital, a small clinic or a private practice office, HIPAA privacy rules mandate that you protect your patients' information. The United States' Health Insurance Portability and Accountability Act (HIPAA) requires that you observe patient confidentiality rules in the most stringent manner or endure harsh consequences.
The main tenets to follow in order to avoid HIPAA violations include:
- HIPAA recognizes that private health information needs to be retained and transmitted, so these regulations exist to protect that information
- You can be punished for losing, exposing or negligently disposing of HIPAA Protected Health Information (PHI)
- You can be punished for failing to have measures in place that protect HIPAA PHI even if nothing bad happens
HIPAA law was written so that the electronic transfer of PHI would be protected. The basic requirements for technology under HIPAA law are as follows:
- Like CIPA, HIPAA privacy rules require organizations that deal with PHI to protect their electronic data, but put the onus on them to decide how they will protect PHI
- Data sent over open networks is required by HIPAA law to be encrypted
- Encryption must include secure delivery so that authentication of recipients is assured
- You will find that companies that deal with PHI often have a HIPAA Compliance Officer and/or have established their own best practices for assuring HIPAA compliance
As a result of the American Reinvestment and Recovery Act (ARRA) passed in 2009, HIPAA privacy rules were expanded to include any organization that has any contact with PHI. Title XIII of ARRA, known as the HITECH Act, is the source of these dozens of HIPAA revisions.
The basic requirements of the expanded HITECH Act under HIPAA Law include:
- HIPAA violations are expanded to cover more organizations or individuals who handle PHI, which can include schools, law firms, businesses or other entities.
- New requirements include a stick and a carrot for HIPAA violations and safeguards: penalties for not digitizing PHI and rewards for those who accomplish it sooner
- The HITECH Act requires that within organizations handling PHI, HIPAA violations will be pursued, including the right of victims to sue individuals found culpable within those organizations
- Enforcement of HIPAA privacy rules has been beefed up and penalties for HIPAA violations can be severe, including:
  - Substantial fines, even imprisonment
  - Loss from expensive litigation and judgments against violators, whether organizations, individuals or both
  - Brand damage from the requirement to publicize HIPAA violations
EdgeWave Secure Content Management solutions help you meet HIPAA law requirements by protecting your proprietary patient data from threats and securing your organization's Web and email access efficiently and cost-effectively.
- Easy-to-deploy Web and Email security in a variety of delivery options (on-premises appliances, hosted services and hybrid solutions) helps enforce the HITECH Act
- Circumvention Detection Network stops anonymizer use and leverages exclusive botnet technology to keep dangerous botnets from entering your network
- Remote Internet Filtering enforces policy across distributed networks with ease, managing your Web access no matter where users access your network, to help enforce the HITECH Act
- Scalable solutions offer low total cost of ownership and low acquisition pricing to keep budgets in check
- Exclusive Zero-minute email defense stops emerging email threats before anyone else knows they exist so they can't cause HIPAA violations
- Data Loss Protection (DLP) uses proprietary technology to prevent sensitive data from leaving your network
- Email Continuity and Archive provide disaster recovery and long-term storage to support regulatory and AUP compliance