HIPAA / HITECH Compliance Consulting Services
With a growing reliance on information technology in the Healthcare Industry and the adoption of electronic medical records (EMR), it is crucial to ensure the safe handling of sensitive data. The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules define requirements for the appropriate use and safeguarding of protected health information (PHI). The Health Information Technology for Economic and Clinical Health (HITECH) Act provisions, which were enacted as part of the American Recovery and Reinvestment Act in February 2009, includes updates to the HIPAA Standards and were enacted to strengthen the privacy and security of health information.
The HIPAA Security Rule’s requirements are organized into three categories: Administrative Safeguards, Physical Safeguards, and Technical Safeguards. Within these categories are 18 standards and 36 implementation specifications. Implementation specifications are further categorized into “Required” and “Addressable”. Required specifications are critical and must be implemented. Addressable specifications are considered scalable based on the individual needs and practices of an entity. The Security Rule’s focus is on the safeguarding of electronic Protected Health Information (e-PHI).
While the Security and Privacy Rule both share the common goal of safeguarding Protected Health Information (PHI), the Privacy Rule applies to all media types including paper, oral, or electronic. The Privacy Rule requires organization to consider the confidentiality, integrity, and availability of PHI. Further, procedures need to be in place to address the use and disclosure of PHI, notice of privacy practices, and minimum necessary approach to using PHI.
Sunera can perform an assessment to evaluate an organization’s compliance with the HIPAA Security and Privacy Rule requirements, HITECH Act provisions (i.e. breach notification), as well as your overall security and data privacy posture.
