HIPAA Security Rule

The HIPAA Security Rule was originally enacted in 2004 to provide safeguards for the confidentiality, integrity and availability of electronic PHI – both at rest and in transit. The introduction of the HIPAA Security Rule was, at the time, intended to address the evolution of technology and the movement away from paper processes to those managed by computers.

The HIPAA Security Rule was described by the Health and Human Resources’ Office for Civil Rights as “an ongoing, dynamic process that will create new challenges as covered entities’ organization and technologies change”. Although few changes were introduced in the Final Omnibus Rule of 2013, adherence to the HIPAA Security Rule took on a new importance with a revision to the criteria for reporting a breach of PHI.

Prior to 2013, covered entities only had to report a breach of PHI if the breach presented a significant risk of harm to the patient’s finances or reputation. Breaches, losses and inappropriate disclosures of PHI now have to be reported to the Office for Civil Rights unless it can be proven “there is a low probability that the data will be used improperly”.

As a result of these revised criteria, an increase in fines for a breach of PHI, and the extension of the HIPAA Security Rule to cover “Business Associates”, healthcare organizations and other HIPAA covered entities started to look more closely at the administrative, physical and technical safeguards of the HIPAA Security Rule, and to implement appropriate mechanisms to prevent a breach of PHI.


Copyright @2021 The Security Owl. All Rights Reserved. Designed By Innobayt Solutions