The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule, which established standards that address the use and disclosure of individuals’ health information – known as protected health information (PHI) – by entities subject to the Privacy Rule.
The Security Rule protects a subset of information covered by the Privacy Rule – namely, all individually identifiable health information that a covered entity creates, receives, maintains, or transmits in electronic form (e-PHI).
To comply with the HIPAA Security Rule, all covered entities must do the following:
• Ensure the confidentiality, integrity, and availability of all electronic protected health information
• Detect and safeguard against anticipated threats to the security of the information
• Protect against anticipated impermissible uses or disclosures
• Certify compliance by their workforce
The HHS Office for Civil Rights enforces HIPAA rules, and a HIPAA violation may result in civil monetary or criminal penalties.
Protecting Health Information
As covered entities improve the quality and efficiency of patient care by moving to more computerized and networked systems, and as the use and sharing of electronic patient data increases, the need for data security grows, which is why HIPAA compliance is more important than ever. Covered entities – such as healthcare providers, health plan providers, and healthcare clearinghouses – and their subcontractors, or persons and associations associated with a covered entity, that deal with PHI must therefore have physical, network, and process security measures and practices in place to ensure HIPAA compliance is maintained at all times.
Entities covered by HIPAA must implement strong data security safeguards in their environments and, in particular, comply with the Security Rule to ensure the confidentiality, integrity, and availability of all of the e-PHI they create, receive, maintain, or transmit.
Accurately assess HIPAA Compliance with Nipper
Audits: Firewalls | Switches | Routers
Saving you significant time and resources, Nipper is easy to configure for HIPAA Security Rule assessment and integrates with SIEM/SOAR systems for a network-wide view of compliance.