HIPAA

Health Insurance Portability and Accountability Act compliance

HIPAA establishes national standards for protecting sensitive patient health information from being disclosed without the patient’s consent or knowledge.

Key Rules

  • Privacy Rule - Standards for protecting individuals’ medical records and PHI
  • Security Rule - Standards for protecting electronic PHI (ePHI)
  • Breach Notification Rule - Requirements for reporting breaches of unsecured PHI
  • Enforcement Rule - Provisions for investigations and penalties
  • Omnibus Rule - Updates extending requirements to business associates

Security Rule Safeguards

  • Administrative - Policies, procedures, and workforce training
  • Physical - Facility access controls and workstation security
  • Technical - Access controls, audit controls, integrity controls, and transmission security

Compliance Requirements

  • Risk analysis and risk management
  • Policies and procedures documentation
  • Business Associate Agreements (BAAs)
  • Workforce training and awareness
  • Incident response and breach notification
  • Regular security assessments
  • Documentation and record retention