Importance of Being HIPAA / HITECH compliant


Managing the regulatory compliance requirements that govern IT security is an essential aspect of IT security and compliance activities.

Published in: Technology

Managing the regulatory compliance requirements that govern IT security is an essential aspect of IT security and compliance activities. From HIPAA (Health Insurance Portability and Accountability Act) and GLBA (Gramm-Leach-Bliley Act) to Sarbanes-Oxley, IT security compliance programs have become very diverse these days.

If you are a large or medium-scale medical and healthcare provider, a hospital, or an institution that conducts medical research, and you are involved with patient health information, then you are considered a “Business Associate” or a “Covered Entity” under the HIPAA/HITECH compliance guidelines. In such cases, your organization needs to maintain IT security and compliance according to the policies set out by the HIPAA and HITECH acts.

HIPAA, the Health Insurance Portability & Accountability Act of 1996, was set up with certain objectives in mind. They are to:

· Improve the continuity and portability of health insurance coverage
· Help in the easy exchange of electronic data
· Reduce costs through improved efficiency, effectiveness and standardization
· Ensure that all personal health records are confidential

HITECH, the Health Information Technology for Economic and Clinical Health Act, was established in 2009 and made some essential changes to HIPAA. HITECH provides incentives for making use of health records and also implements strict notification processes. At the same time, it tightens the enforcement laws, maximizes the penalties, and alters the liabilities and accountabilities of Covered Entities and Business Associates.
According to HITECH, a security breach means “The unauthorized acquisition, access, use, or disclosure of protected health information, which compromises the security or privacy of protected health information— except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information”.

Keeping this in mind, an automated HIPAA/HITECH compliance management solution must comprise the following:

· Ongoing security and compliance in addition to real-time monitoring
· Multiple regulation harmonization
· “Ready-to-use” packaged content, regulations, assessment questions and best practices, and the capacity to customize fast
· Extensive reports, such as compliance and risk reports, on demand
· A single, centralized repository for all compliance-related evidence
· Ease of use and implementation
· Support for both HIPAA and HITECH regulations
· Compliance with requirements for Covered Entities (CEs) and Business Associates (BAs)

According to Forrester research, compliance of all types has become an important aspect of data security programs. Most organizations that Forrester surveyed agreed that data privacy laws, data security regulations and data breach guidelines are the main aspects of IT security and compliance programs. Recently, emphasis has also been given to IT-GRC (governance, risk and compliance), which organizations cannot ignore.