An 8(a), EDWOSB, Hispanic Owned Firm
Regulatory Compliance should be a by-product of good information security. Our experts know where the two should meet.
Health Insurance Portability and Accountability Act – HIPAA Compliance
Originally passed in 1996, the Health Insurance Portability and Accountability Act was intended to increase the efficiency and effectiveness of the health care system. The improvements included Administrative Simplification provisions that required the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions. With the increasing use of technology there would inevitably be erosion in the privacy of health information, and an increase in risk of disclosure of that information.
Recognizing this risk, Congress incorporated HIPAA compliance provisions that mandated the adoption of Federal privacy protections for individually identifiable health information. In December of 2000 the HHS published a final regulation in the form of the Privacy Rule, which became effective on April 14, 2001. The Privacy Rule of the Health Insurance Portability and Accountability Act set national standards for health plans, health care clearinghouses and health care providers in dealing with the protection of health information. In order to attain HIPAA compliance, entities must implement standards to protect and guard against the misuse of individually identifiable health information. Failure to comply with HIPAA requirements may, under certain circumstances, trigger the imposition of civil or criminal penalties. The final date for HIPAA compliance was April 14, 2003, or April 14, 2004, for small health organizations.
In addition to the Privacy Rule, the Health Insurance Portability and Accountability Act also requires the adoption of standards for the security of electronic protected health information (ePHI) to be implemented by health plans, health care clearinghouses, and certain health care providers. The security requirements for compliance with HIPAA stipulate that the aforementioned entities have to establish Administrative, Technical and Physical safeguards by April 21, 2005, or by April 21, 2006, for small health organizations.
Enterprise Risk Management’s extensive experience working in various domains of information security allows us to help organizations achieve HIPAA compliance correctly and efficiently.