Conforming to HIPAA Privacy and Security Rule

Database professionals have to conform to two security regulations, viz., the HIPAA Privacy Rule and the HIPAA Security Rule.

The Privacy Rule protects all individually identifiable protected health information (PHI) maintained by the Covered Entity. PHI includes data related to an individual's past, present or future physical or mental health or condition, the provision of health care to the individual, or the past, present or future payment for the provision of health care to the individual.

It is not specifically confined to electronic information and applies equally to written records, telephone conversations, etc.

On the other hand, the Security Rule covers the security of electronic protected health information (ePHI). It prescribes a number of required policies, procedures and reporting mechanisms with which all information systems that process ePHI within the Covered Entity must comply. It also prescribes a number of required and addressable implementation specifications designed to protect the confidentiality, integrity and availability of ePHI within the enterprise. These specifications fall into five categories:

Administrative Safeguards, Physical Safeguards, Technical Safeguards, Organizational Requirements, and Policies and Procedures.

HIPAA should not be considered a headache; it should be viewed as an opportunity to focus on the security of your databases. The procedural requirements of HIPAA apply only to specific PHI/ePHI data, but they are reliable best practices for all of your data.


Posted on: May 11 2009
Posted under: In the news, Legislation, News, Privacy & security, Strategy, Tips

Is HIPAA Privacy Rule a failure in protecting Patient Privacy?

The Institute of Medicine has released a new report finding that the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule not only fails to adequately protect the privacy of people's personal health information but also hinders important health research discoveries. The HIPAA act regulates what uses and disclosures of personally identifiable health information are permitted by health plans, health care providers, and other entities covered by the regulation.

The report states that the current HIPAA rule is difficult to reconcile with other federal regulations governing research involving people and their personally identifiable information. Based on this finding, the Institute recommends that Congress authorize the development of an entirely new approach, separate from the current HIPAA Privacy Rule, to protect personal health information in research. This new approach should apply privacy, data security, and accountability standards uniformly to information used in all health-related research, regardless of who funds or conducts the research.

The committee also makes recommendations for the case in which policymakers decide to continue relying on the current rule to protect privacy in health research. It recommends a series of changes to improve the rule and the guidance that the US Department of Health and Human Services (HHS) gives on how to comply with it. In addition, the report urges all institutions conducting health research to strengthen their data protection, including encryption for all laptops, flash drives, and other portable media containing such data.