Health care institutions are required by law to protect the privacy of protected health information (PHI), in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.
As the healthcare industry continues to embrace technology through measures like electronic healthcare records, the demand for information security increases. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is designed to improve the security of the health care system and reduce the incidence of fraud. Recognizing the risks associated with not securing personal information, HIPAA contains regulations for information privacy and network system security. Above all else, the focus of HIPAA is to ensure the secure electronic transfer of patient healthcare information. As of April 2006, all healthcare providers must be compliant with HIPAA.
The HITECH Act extends HIPAA’s privacy and security requirements to business associates and augments notification requirements when PHI is breached or disclosed. For breaches that affect 500 or more individuals, organizations must notify affected individuals, the U.S. Department of Health & Human Services, and the media. For breaches that affect fewer than 500 individuals, organizations must notify the U.S. Department of Health & Human Services annually.
Due to the wide range of HIPAA and HITECH regulations, compliance requires a comprehensive effort by the entire organization. These efforts include the development of internal policies, training, and auditing of both personnel and practices. Healthcare organizations must comply with HIPAA and HITECH’s technology risk management and information security standards, or face strict penalties or even loss of accreditation. However, providing documentation on policies and procedures such as risk assessment, incident reporting, and system auditing poses tough challenges to an organization. Intersec Worldwide has the ability to ease the burden placed on healthcare organizations by HIPAA.
Intersec offers a complete line of services to aid you in HIPAA and HITECH compliance, including:
- Policy Development
- Risk Assessment
- Penetration Testing
- Vulnerability Scanning