What is HIPAA?

This act is meant to keep health-care data secure and confidential from unauthorized access. It accomplishes this through the establishment and the enforcement of certain created standards, which also include how electronic information is shared.

Anyone who comes in contact with individuals’ health care information—this includes health clinics, doctor’s offices, universities, hospitals, life insurers and all organizations related to health-care—are impacted by HIPPAA and are required to observe it legally.

Imprisonment of ten years and, or, up to $250,000 in fines can await any organization or person for violating the HIPAA law. The violation is by misusing (knowingly) a client’s information.

Since health-care information can be shared electronically between organizations—or stored electronically in computer filing systems—HIPAA law requires that this information be made as secure in this environment as a locked office, and to have procedures and policies in place to safeguard the security measures taken to this end. In addition, HIPAA dictates the need for an organization to be assessed comprehensively regarding its information security policies, procedures, and systems.

Given the emergence of the electronic medium of communication, it only stands to reason that electronic signatures would become another necessary component of sharing medical information between organizations.

And HIPAA has not only recognized that need, it has attempted to address it in the standards guidelines it has created for this type of authorization. These guidelines seek to ensure user authentication, message integrity and nonrepudiation (the person signing electronically cannot claim it was not them that gave authorization).

No specific security technology is mandated through HIPAA. The focus is on the expectation that appropriate measures will be taken to keep health-care related data secure and transmitted via secure means—and upon appropriate authorization approvals only.

So, regardless of whether you work in the medical field or information or computer security, personal knowledge of HIPAA is important. Sure, those professions need to be aware of HIPAA for professional reasons; so if you are employed in one of those fields you need to observe HIPAA. But everyone needs to be aware of HIPAA for personal reasons too, since we all visit doctor offices and hospitals at some point in our lives, and a respect for our privacy needs to be maintained in those cases too.