regarding hipaa rules and regulations

by

Research on HIPAA. Why was it implemented? Who has the responsibility for its oversight? Who/what does it regulate? What are some of the details in the regulation not discussed in the textbook? Also address who this regulation cover

Requirement : a two paragraph (250-word) response, 2 peer reviewed article citation

Details about HIPAA from textbook:

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) became law in 1996. The law protects a person’s privacy. If you handle someone’s health records, you must adheretoHIPAA.Thisincludesdoctor’soffices,hospitals,clinics,andinsurancecompanies. The law recognizes that digital data exchange of health records, such as between insurance companies and doctor’s offices, is a necessity. But in 2013 new restrictions were placed on access to health records by subcontractors and vendors. The law wants to make sure that patient privacy is maintained.

The HIPAA law defines someone’s health record as protected health information (PHI). The term PHI refers to both digital and physical paper copies of health records. Electronic PHI (EPHI) refers to just the electronic form of PHI records. HIPAA establishes privacy rules that outline how EPHI can be collected, processed, and disclosed. There are significant penalties for violating these rules. In 2013 these fines were increased to a maximum $1.5 million per violation. This regulation applies to any covered entity that manages health records, including:

  • Health care providers—Doctors, hospitals, clinics, and others
  • Health plans—Those that pay the cost for the medical care such as insurance companies
  • Health care clearinghouses—Those that process and facilitate billing
  • “business associates”—Vendors and subcontractors of any covered entity

    • For your security policies to be HIPAA-compliant, they must include the following key control requirements:

  • Administrative safeguards—Refers to the formal security policies and procedures that map to HIPAA security standards. It also refers to the governance of the security policies and their implementation.
  • Physical safeguards—Refers to the physical security of computer systems and the physical health records.
  • Technical safeguards—Refers to the controls that use technology to protect information assets.
  • Risk assessment—Refers to a standard requirement of a risk-based management approach to information security