Javascript required
Skip to content Skip to sidebar Skip to footer
Home / What Does the Abbreviation Hipaa Stand for

What Does the Abbreviation Hipaa Stand for

The Fast HIPAA Compliance Checklist for Businesses

CC0/bsdrouin/Pixabay

The introduction of HIPAA in 1996 considerably changed the legal landscape for healthcare providers and related businesses. Since then, businesses of all kinds have consistently worried that non-compliance could leave them exposed to legal liabilities. On the other hand, consumers are often unsure how the law protects them and what benefits, if any, it offers for them.

HIPAA stands for the Health Insurance Portability and Accountability Act. The law governs the safeguarding of certain health information, whether transmitted traditionally or via electronic means.

Businesses and professionals that work with the personal health data of Americans are particularly affected by the regulations. The existence of HIPAA necessitates adherence to a HIPAA compliance checklist that will make sure your business does not run afoul of the law.

Important HIPAA Definitions

To understand HIPAA requirements, you need to be aware of the jargon, in particular, important HIPAA definitions of specific terms. You will likely run into these terms in HIPAA compliance templates and government forms. By far the most important ones relate to PHI and related entities.

  • PHI - Protected Health Information. This is information considered sensitive under the HIPAA requirements. Examples include data linking a user's name to a particular health condition.
  • ePHI - PHI that is transmitted in an electronic format.
  • Covered Entity - a business or organization that is held liable for fulfilling HIPAA requirements.
  • Authorization - a means of obtaining the user's express permission to use the user's PHI.
  • De-identified Data - Data which has been processed to remove personal features that can reveal the identity of an individual.
  • Disclosure - The dissecting of an individual's PHI with parties other than the individual.

As we will see, there are three separate categories of safeguards that a covered entity must fulfill with regards to PHI and other HIPAA requirements. The main compliance items you must address are listed below.

HIPAA Technical Safeguards Your Business Needs to Implement

The first category of safeguards you must implement if you are a covered entity is that of technical safeguards. Technical safeguards, in the context of HIPAA, are requirements for your business to protect access to sensitive information via digital means.

HIPAA Technical Safeguards require that all relevant businesses put in place access controls that limit which individuals and software can access EPHI. You must follow HIPAA guidelines for which categories of people and software are to be allowed access to this EPHI. Once you have verified the definitions of authorized personnel, you must make sure of the following:

  • You must assign unique user IDs and tracking information
  • Implement solution for termination of session after period of inactivity
  • Implement solution for encryption and decryption of EPHI
  • Put in place audit systems to record and probe the activity in a system that handles EPHI
  • Put in place software and or hardware to protect EPHI from improper access

Beyond the Technical Safeguards, you should also check the Physical and Administrative Safeguards required as part of HIPAA.

HIPAA Physical Safeguards your Business needs to Implement

Physical Safeguards for HIPAA specify the protection of physical locations and infrastructure used in the storage and transmission of PHI or EPHI. In a manner analogous to the digital arena, you must manage access and control of areas where sensitive information may be obtained.

The following are some of the physical safeguards you must meet:

  • Limit physical access to facilities in which your company's information systems are housed.
  • Implement visitor control and access control over who can access your facilities based on their role or function.
  • Implement policies to address the final disposition of EHPI as well as media on which it is stored.
  • Maintain records for the movement of hardware or physical components, and who has access or control over it.

HIPAA Administrative Safeguards Your Business Needs to Implement

In addition to the above, your organization must also implement Administrative Safeguards. These specify your organization's responsibility to prevent, detect, and correct, security violations.

As part of these Safeguards, your organization must:

  • Implement procedures to ensure employee access to EPHI is appropriate
  • Terminate employees' access to EPHI when their status within the organization changes or they are no longer part of the organization
  • Provide regular information security reminders
  • Implement the necessary processes and procedures to protect access to EPHI from those individuals who are not supposed to have access to it.

There are business penalties associated with failure to implement or comply with HIPAA regulations. Examples include fines amounting up to $50,000 for a single violation and as much as $1.5 million in a single year. Cases in which fraud is involved may incur prison sentences. Repeated violations of HIPAA will incur more severe penalties.

What Does the Abbreviation Hipaa Stand for

Source: https://www.life123.com/article/the-fast-hipaa-compliance-checklist-for-businesses?utm_content=params%3Ao%3D740009%26ad%3DdirN%26qo%3DserpIndex