HIPAA Definition
The Health Insurance Portability and Accountability Act
HIPAA addresses the security and privacy of health data. The key legislative rules are:
Privacy Rule - covered entities must appoint a Privacy Official and have documented PHI procedures
Security Rule - complements the Privacy Rule with specifics for Electronic Protected Health Information (EPHI):
- Limits access to those with a need to know - all others should not have access to EPHI
- Information systems housing EPHI must be protected from intrusion
- Ensure that the data is not changed or erased in an unauthorized manner
- HIPAA practices must be documented for government review
- Documented risk analysis and risk management programs are required


