HIPAA is the Health Insurance Portability and Accountability Act of 1996. It is also known as the Kennedy-Kassebaum Act, and all covered organizations were expected to be in compliance by April 14, 2003.
What is HIPAA’s purpose?
The act is meant to keep health-care data secure and confidential, protecting it from unauthorized access. It accomplishes this through the establishment and enforcement of standards, including standards for how electronic health information is shared.
Who does HIPAA impact?
Anyone who comes into contact with individuals' health-care information is impacted by HIPAA and is legally required to observe it. This includes health clinics, doctors' offices, universities, hospitals, life insurers and all other health-care-related organizations.
HIPAA Fines and Penalties
Up to ten years' imprisonment and/or fines of up to $250,000 can await any organization or person who violates HIPAA. The violation in question is the knowing misuse of a client's information.
HIPAA and Computer Information Security
Since health-care information can be shared electronically between organizations, or stored electronically in computer filing systems, HIPAA requires that this information be made as secure in that environment as it would be in a locked office, and that policies and procedures be in place to safeguard the security measures taken to this end. In addition, HIPAA requires that an organization be comprehensively assessed with regard to its information security policies, procedures, and systems.
HIPAA and Electronic Signatures
Given the emergence of the electronic medium of communication, it only stands to reason that electronic signatures would become another necessary component of sharing medical information between organizations.
HIPAA has not only recognized that need, it has attempted to address it in the standards and guidelines it has created for this type of authorization. These guidelines seek to ensure user authentication, message integrity and nonrepudiation (the person signing electronically cannot later claim that they did not give the authorization).
HIPAA and Technology
No specific security technology is mandated by HIPAA. The focus is on the expectation that appropriate measures will be taken to keep health-care-related data secure, to transmit it only by secure means, and to release it only upon appropriate authorization.
HIPAA and You
So, whether or not you work in the medical field or in information or computer security, personal knowledge of HIPAA is important. Those professions need to be aware of HIPAA for professional reasons, so if you are employed in one of those fields you must observe it. But everyone needs to be aware of HIPAA for personal reasons too, since we all visit doctors' offices and hospitals at some point in our lives, and our privacy needs to be respected in those cases as well.