Conforming to HIPAA Privacy and Security Rule
Database professionals have to conform to two security regulations: the HIPAA Privacy Rule and the HIPAA Security Rule.
The Privacy Rule protects all individually identifiable protected health information (PHI) maintained by the Covered Entity. PHI includes data related to the individual's past, present or future physical or mental health or condition, the provision of health care to the individual, or the past, present or future payment for the provision of health care to the individual.
The Privacy Rule is not confined to electronic information; it applies equally to written records, telephone conversations, etc.
The Security Rule, on the other hand, covers the security of electronic protected health information (ePHI). It prescribes a number of required policies, procedures and reporting mechanisms that all information systems processing ePHI within the Covered Entity must conform to. It also prescribes a number of required and addressable implementation specifications designed to protect the confidentiality, integrity and availability of ePHI within the enterprise. These specifications fall into five categories:
Administrative Safeguards, Physical Safeguards, Technical Safeguards, Organizational Requirements, and Policies and Procedures.
HIPAA should not be considered a headache; it should be viewed as an opportunity to focus on the security of your databases. The procedural requirements of HIPAA only apply to specific PHI/ePHI data, but they are reliable best practices for all of your data.