​​Need help? Call Us: (805) 505-7375                  Check Novesh's Event Calendar for our Exciting Cybersecurity Workshops at Thousand Oaks City Hall.         

Medical professional holding digital tablet

What is HIPAA Compliance?

The Health Insurance Portability and Accessibility Act (HIPAA) is a regulation designed to protect patients’ healthcare information within the US. Certain organizations that have access to protected health information (PHI) are required to implement the security controls, processes, and procedures outlined in the HIPAA compliance

Who needs to be HIPAA compliant and why?

HIPAA defines two types of organizations that are required to comply with its requirements:

  • Covered Entities: HIPAA defines “covered entities” as healthcare organizations and their employees that have access to PHI. This includes doctors, nurses, and insurance companies.
  • Business Associates: Under HIPAA, “business associates” are organizations that provide services to covered entities that involve access to PHI. For example, an organization that handles billing for a healthcare provider has access to patients’ names, addresses, etc., which are protected as PHI under HIPAA. 

The Data Protected Under HIPAA

HIPAA is designed to protect PHI provided by patients to covered entities and their business associates. HHS defines eighteen types of PHI identifiers, including:

  1. Name
  2. Address
  3. Key Dates 
  4. Social Security Number
  5. Telephone number
  6. Email address
  7. Fax number
  8. Health plan beneficiary number
  9. Medical record number
  10. Certificate/license number
  11. Account number
  12. Vehicle identifiers, serial numbers, or license plate numbers
  13. Device identifiers or serial numbers
  14. IP address
  15. Web URLs
  16. Full-face photos
  17. Biometric identifiers such as fingerprints or voiceprints
  18. Any other unique identifying numbers, characteristics, or codes

If you need more info about these services, please contact us.