Dec 20, 2008
The Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (HIPAA), requires American organizations that handle individuals' health information to protect its confidentiality. Its requirements are mandatory for the covered entities it defines: health care providers, health plans (including medical insurance companies), health care clearinghouses, and the government agencies that act in those roles. Other organizations that access protected health information on their behalf are bound through business associate agreements.

The privacy and security requirements set out in HIPAA are implemented by two regulations issued by the U.S. Department of Health and Human Services (HHS). The first is the HIPAA Privacy Rule (Standards for Privacy of Individually Identifiable Health Information). It requires that protected health information be kept confidential in whatever form it exists: on paper, in electronic systems, or spoken aloud by a physician. The Privacy Rule concentrates on the general questions of protecting health information, such as when, and to whom, it may be disclosed. The second is the HIPAA Security Rule (Health Insurance Reform: Security Standards). It applies specifically to electronic protected health information, sets out more detailed administrative, physical, and technical safeguards, and describes the policies and procedures an organization must adopt. Violations of HIPAA can result in both civil and criminal penalties.

This white paper reviews the requirements of the HIPAA Security Rule, since it is the rule that directly affects a company's information infrastructure and the security controls used in it.