The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules define requirements for the appropriate use and safeguarding of protected health information (PHI). These requirements along with the provisions of the HITECH Act create a significant challenge for organizations that manage or impact the security of medical records and other personal health information.

Health Insurance Portability and Accountability Act

The Need for HIPAA Compliance

HHS points out that as health care providers and other entities dealing with PHI move to computerized operations, including computerized physician order entry (CPOE) systems, electronic health records (EHR), and radiology, pharmacy, and laboratory systems, HIPAA compliance is more important than ever. Similarly, health plans provide access to claims as well as care management and self-service applications. While all of these electronic methods provide increased efficiency and mobility, they also drastically increase the security risks facing healthcare data.

The Security Rule is in place to protect the privacy of individuals’ health information, while at the same time allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care. The Security Rule, by design, is flexible enough to allow a covered entity to implement policies, procedures, and technologies that are suited to the entity’s size, organizational structure, and risks to patients’ and consumers’ e-PHI.