What is the Health Insurance Portability and Accountability Act (HIPAA)?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.
Applicability
HIPAA is applicable to:
Directly Affected by HIPAA Non-Compliance
All organizations that directly maintain and transmit protected health information. These include health care providers, hospitals, physician practices, dental practices, health plans, laboratories, health care clearinghouses, pharmacies, etc.
Indirectly Affected by HIPAA Non-Compliance
All third-party vendors and business partners that perform services on behalf of, or exchange data with, those organizations that directly maintain and/or transmit protected health information. Examples are accountants, lawyers, medical answering services, consultants, billing agencies, etc.
Objective
The objectives of HIPAA are:
- Standardization of electronic patient/health, administrative and financial data
- Unique health identifiers for individuals, employers, health plans and health care providers
- Security standards to provide physical, technical and administrative safeguards to protect the integrity, availability and confidentiality of health information.
- Privacy standards to ensure administrative and physical safeguards to protect the privacy and confidentiality of health information, and to protect against unauthorized access.
Approach
Our approach is covered in 4 phases. These include:
Phase 1: Governance & Planning
Phase 2: Gap Analysis
Phase 3: Implementation
Phase 4: Privacy Compliance, Risk Management Framework & Audit
Why CyberSRC®?
Established in January 2018, CyberSRC Consultancy offers the full spectrum of cyber security services, ranging from threat intelligence and VMS to general advisory services in areas pertaining to cyber security such as vulnerability attacks, compliance, and cyber security regulations and laws. We perform system audits such as ISNP Audits, NBFC Audits, UCB Audits, PPI Audits, and SEBI Audits. We provide our solutions with better accountability. We are a certified assurance firm. We are an ISO 27001 certified organization, backed by a very diverse and dynamic team which have a combined experience.