Importance of Staying HIPAA and HITECH Compliant


An integral aspect of IT security is managing regulatory compliance needs efficiently. Security compliance programs today, such as GLBA (Gramm-Leach-Bliley Act), HIPAA (Health Insurance Portability and Accountability Act) and Sarbanes-Oxley, are becoming dynamic. Therefore, most enterprises are searching for a comprehensive compliance framework that is cost-efficient and effective.

Published in: Technology

If your organization is a large or medium scale medical provider, a hospital or a medical institution having experience in health care programs, involved in patient health information (PHI) indirectly or directly, or through an intermediary, then you are a “Covered Entity” or “Business Associate” as per HIPAA/HITECH rules. Hence your institution needs to achieve and maintain IT security and compliance as per the HIPAA and HITECH guidelines. Business Associates and healthcare providers today need to comply with HIPAA/HITECH compliance policies.

HIPAA came into existence to attain the following objectives:

  • To enhance the continuity and portability of health insurance coverage
  • To assist in easy exchange of electronic data
  • To minimize the cost through improved efficiency, effectiveness and standardization
  • To ensure that every personal health record is secured privately

On the other hand, HITECH (Health Information Technology for Economic and Clinical Health Act) came into force in 2009, after making certain modifications to HIPAA. HITECH offers specific incentives for utilizing health records and has strict notification guidelines as well. It has also made the enforcement policies stricter, increased penalties, and changed the liabilities and accountabilities of Business Associates.

HITECH also has its new definition of a security breach: “unauthorized acquisition, access, use, or disclosure of protected health information, which compromises the security or privacy of protected health information—except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information”. Therefore, in order to fulfill the compliance and security needs, companies today should implement appropriate controls for averting unwarranted access and leakage of sensitive patient data. This is where compliance management solutions are required to provide guidance and security for every medical activity.

An automated HIPAA compliance management solution should have the following features:

  • End-to-end security and compliance with real-time monitoring
  • Multiple regulation harmonization
  • “Ready-to-use” packaged content, regulations, assessment questions, best practices and the capacity to customize quickly
  • Provision of extensive reports, i.e. compliance and risk reports on demand
  • A single and centralized repository for all compliance-related evidence
  • Easy to use and implement
  • Supports both HIPAA and HITECH regulations. Complies with the requirements for Covered Entities (CEs) and Business Associates (BAs).

Today, compliance management solutions that are HIPAA compliant include the security and IT-GRC (Governance, Risk and Compliance) functions that are required to stay compliant. They have “easy to adopt” compliance management frameworks and “ready to use frameworks” with high-end context-based inference engines, monitoring, high-end alert processing, and logging solutions.

Read more on: Aegify Security Posture Management tool, IT Compliance, Vendor Management
