What is HIPAA compliance?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law for the United States of America. It was primarily established to:
- Improve portability and continuity of health insurance coverage. Portability means insurance coverage is maintained when an individual takes a job with a new employer
- Combat waste, fraud, and abuse in health insurance and health care delivery.This includes implementing the Privacy Rule, Security Rule, and BreachNotification Rule
- Promote the use of medical savings accounts by standardizing the amount that may be saved per person in a pre-tax savings account
- Improve access to long-term care services and coverage. This includes coverage of individuals with pre-existing conditions
- Clarify tax deductions for employers and other tax revenue items
SEE ALSO: How Much Does HIPAA Compliance Cost?
HIPAA has come to be associated with the HIPAA Privacy and SecurityRules. The HIPAA Act is composed of five parts (or titles). These align with the purposes for the law’s enactment in the previous list:
- Title I: Health Care Access, Portability, and Renewability
- Title II: Preventing Health Care Fraud and Abuse; AdministrativeSimplification; Medical Liability Reform
- Title III: Tax-Related Health Provisions
- Title IV: Application and Enforcement of Group Health Plan Requirements
- Title V: Revenue OffsetsYou might be more familiar with Title II of HIPAA, since this is where the privacy and security of patient data is described.
Is HIPAA compliance training working?
According to SecurityMetrics’ 2020 HIPAA survey data, organizations are getting better at internal security measures like email security and employee training–with a 38% decrease in practices sending patient data over email and a 8% increase in annual employee training. In other areas, healthcare continues to struggle with HIPAA and patient data security.
For example, in 2019, only 58% of health practices conducted formal risk assessments and in 2020, only 40% did so.
If you work at a health organization, you’re familiar with the unique challenges faced when complying with HIPAA requirements, especially Security, Privacy, and Breach Notification Rules. Healthcare practices and networks are busy, vary in size and resources, and are frequent data breach targets. And, security issues in 2020 and 2021 were further compounded by the COVID-19 crisis.
On top of these challenges, employees at health organizations often wear many hats. Practice owners, receptionists, and sometimes even medical personnel are tasked with overseeing data security compliance. Configuring firewalls, securing Wi-Fi, protecting remote access, ensuring adequate encryption, running employee trainings, and providing HIPAA privacy notices to patients are just a few of the requirements you may be expected to manage.
SEE ALSO: Are Your Emails HIPAA Compliant?
2021 SecurityMetrics Guide to HIPAA Compliance
For these reasons, we created our 2021 Guide to HIPAA compliance to help you close gaps in security and compliance, ultimately helping you avoid a data breach.
Our HIPAA Guide is a free, trusted resource that will help you understand and implement security measures to keep protected health information (PHI) safe.
The 2021 HIPAA Guide has been updated to include:
- HIPAA laws don’t change much from year to year, but auditor insights and perspectives have been updated in the 2021 Guide to reflect what they are seeing at healthcare practices. You will also find guidance on:
You’ll find detailed sections in the 2021 HIPAA Guide to help you with:
- Incident response plans
- PHI encryption
- Business associate agreements
- Mobile device security
- HIPAA-compliant emails
- Remote access
- Vulnerability scanning
- Penetration testing
Principal Security Analyst Jen Stone (MCIS, CCSFP, CISSP, CISA, QSA) says, “Many healthcare organizations understand the importance of HIPAA. They want to ensure the privacy and security of patient data, but they struggle because the law says what to do, not really how to do it. Our HIPAA Guide helps bridge that gap to give healthcare providers and business associates a way to implement policies, procedures, and security controls in a meaningful, HIPAA-compliant way.”
Day-to-day help for the bigger security picture
We intend our guide to be a “deskside” reference for the day-to-day and recurring demands of HIPAA compliance. It’s meant to strike a balance between generally informative and specifically practical. Those who use our guide report that it is, “...thorough and detailed-oriented. Very helpful.”
Another user found that our HIPAA Guide helped them explain HIPAA to the higher-ups, “I love how comprehensive this manual is. It really helped me to articulate to leadership the complexities of HIPPA as it relates to technological infrastructure.”
SecurityMetrics CEO Brad Caldwell says, “The number of cyber attacks on the healthcare sector continues to increase. We update and release our free HIPAA guide each year to help all sizes of organizations in the healthcare sector strengthen and adapt their cyber defense tactics to keep up with insidious hacker threats.”