Here at Sucuri, our goal is to ensure that you have a solid understanding of HIPAA compliance and how it affects your data, and your company as a whole.
The Health Insurance Portability and Accountability Act (HIPAA) regulates Protected Health Information (PHI). This information is most likely to be found at health clinics and hospitals.
There are three primary sets of requirements of HIPAA compliance to key in on:
Notice the mention of electronic PHI. Another thing to consider is that electronic protected health information (ePHI) is defined as any Protected Health Information (PHI) that is created, stored, transmitted, or received electronically. In our growing digital landscape, this is practically a given.
For the purposes of this guide, we’ll highlight a checklist of items to ensure you’re meeting these requirements.
Examples of the type of data these institutions may be handling include:
If we dive further into HIPAA security requirements of the data involved, you’ll need to ensure you’re monitoring into the following forms of data that can be included as part of a HIPAA compliance checklist.
This is regardless of whether you share this information digitally, in written form, or whether you speak to another unauthorized individual.
In short, your organization is. More importantly, whether the PHI must be authorized or not, your organization must always release only as much data is absolutely necessary to address the need of the entity requesting the information (what the regulation refers to as the “minimum necessary” information to satisfy the inquiry).
In terms of HIPAA security compliance, Section 164.312 (a) (1) which requires organizations to establish procedures to maintain their systems from suffering unauthorised access. This would include preventing attackers from accessing data by gaining access through a vulnerable server and triggering a HIPAA security incident.
164.312 (a) (1) Standard: Access control. Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4).
Other elements of the HIPAA rules standards which would also be applicable are 164.306 (a) (1-3) and 164.308 (a) (1) and (5). These are more generalised elements which refer to security and safeguards, which of course would be relevant to 164.312 (a) (1) as not allowing unauthorised access to records is essential to security and safeguarding of information.
What makes Sucuri the best website security for businesses and developers?
Thought Leaders in Website Security
Sucuri Labs offers unique insights that together with our Sucuri Blog help millions of website owners protect their property. This has earned us press and media mentions from top news outlets, industry blogs, and cybersecurity journalists.