Protected Health Information!!! WE ARE COMPLIANT!!!
HIPAA compliance is the process that business associates and covered entities follow to protect and secure Protected Health Information (PHI) as prescribed by the Health Insurance Portability and Accountability Act. That's legalese for “keep people's healthcare data private.”
Although the HIPAA requirements are deliberately written in technology-neutral terms rather than as a checklist of specific controls, every Covered Entity and Business Associate that has access to PHI must put the required administrative, physical and technical safeguards in place and keep them in force, must comply with the HIPAA Privacy Rule governing how PHI may be used and disclosed, and, should a breach of PHI occur, must follow the procedure laid out in the HIPAA Breach Notification Rule.
All risk assessments, HIPAA-related policies and the reasons why any addressable safeguard has not been implemented must be documented and retained (the Security Rule requires such documentation to be kept for six years), both because it is a requirement in its own right and because it is the first thing an investigator will ask for if a breach of PHI occurs and the cause has to be established. Note that "addressable" does not mean optional: an addressable safeguard must be implemented, or an equivalent alternative implemented, or a written explanation kept of why neither is reasonable and appropriate in the entity's environment. Each of the HIPAA requirements is explained in further detail below. Businesses unsure of their obligation to comply with the HIPAA requirements should seek professional advice.
The HIPAA Security Rule contains the standards that must be applied to safeguard PHI that is created, received, maintained or transmitted electronically (ePHI), both at rest and in transit. Unlike the Privacy Rule, which covers PHI in any form, the Security Rule is concerned only with the electronic form. It applies to any person or system that has access to confidential patient data, where "access" means having the ability or the means necessary to read, write, modify or communicate ePHI, including any personal identifiers that could reveal the identity of an individual.