The Health Insurance Portability and Accountability Act, often referred to by its acronym HIPAA, is a federal law regulating the United States healthcare system. Its primary purpose is to protect the privacy and security of individuals’ health and medical information, known as Protected Health Information (PHI), and to grant individuals certain rights over that information.
While not much has changed in the world of HIPAA compliance since 2013, the law has a long history of amendments. Keeping abreast of those changes is key to remaining compliant; HIPAA compliance is definitely not ‘set it and forget it.’
Major changes over the years include:
HIPAA itself was the first federal law enacted to protect individually identifiable health information.
The Privacy Rule established standards to protect individuals’ private health information while still enabling the flow of information for high-quality health care.
The Security Rule was established in response to the pace of technology innovation. This addendum secures individuals’ private health information while allowing the adoption of technology to improve the quality and efficiency of care.
The Enforcement Rule was enacted to standardize legal responses to HIPAA investigations, violations, and more.
The HITECH Act promotes the usage of health information technology while defining privacy and security details of electronically transferred health information.
The Breach Notification Rule requires covered entities to report a breach of unsecured health information. A breach is defined as “...an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.”
The Omnibus Rule modifies all previous rules to provide the HHS OCR (U.S. Department of Health and Human Services Office for Civil Rights) with more power to enforce consequences for non-compliance.
HIPAA was enacted in 1996. This landmark legislation was the first of its kind in healthcare compliance. Initially, many understood HIPAA as strictly protecting PHI. But as healthcare innovation advances, electronic PHI (ePHI) is a priority. As technology advances, HIPAA compliance and adherence must keep up, which is easier said than done.
“As more and more service providers turn to electronic means of keeping records, you need solutions to make sure what is away from that environment is encrypted.”
Arvind Mistry, Director of Compliance
Any organization or person that works in or with the healthcare industry or has access to PHI must comply with HIPAA. This includes healthcare providers and their business associates. Examples include:
This legislation even extends to employers who provide health care plans to employees. The bottom line is if you’re not sure, it’s best to adhere to HIPAA.
Having the technical controls in place to protect your data is essential. However, these technical aspects of data security are not without their challenges. Different control types include:
While much of HIPAA compliance relates to protecting digital healthcare-related data, you also need to be concerned with the physical safeguards you have in place to protect data. HIPAA physical safeguard challenges include:
In addition to technical challenges, you’ll also face administrative challenges in your efforts to protect sensitive ePHI. You must have comprehensive control of the processes associated with data protection. In establishing these processes, you may face the following obstacles:
One challenging aspect of HIPAA compliance that many organizations face is the risk assessment. These assessments are conducted regularly to identify vulnerabilities that may exist in your security measures. Once the vulnerabilities have been identified, you must take action to address them. Some common challenges with this process include:
Along with the administrative challenges you may face in your HIPAA compliance efforts, you may also face challenges with documenting your processes and procedures. Maintaining documentation of your policies and procedures, and keeping those procedures up to date with current compliance regulations, can be time-consuming and tedious. Specific challenges include:
“People changed [first]… the rules and regulations followed. It’s a backward process.”
Arvind Mistry, Director of Compliance
While all of these challenges may seem overwhelming, the best way to address many of them is to adopt a secure file-sharing solution. With the right solution in place, you can trust that your file-sharing vendor has the appropriate security measures in place to protect your data.
Learn more about maintaining HIPAA compliance for your file sharing. Download this HIPAA compliance readiness report and use it to assess your organization.
Learner, Researcher, Customer-focused, and the Chief Revenue Officer & VP of Sales for FTP Today. Brendon has successfully navigated multiple industries and has infrastructure certifications in GCP and AWS. He started his career in Oil & Gas business development and successfully transitioned to Rackspace as a Mid to...