What is HIPAA Compliance?
The Health Insurance Portability and Accountability Act (HIPAA) is a US regulation designed to protect patients' healthcare information. Certain organizations that have access to protected health information (PHI) are required to implement the security controls, processes, and procedures outlined in the HIPAA compliance
Who needs to be HIPAA compliant and why?
HIPAA defines two types of organizations that are required to comply with its requirements:
- Covered Entities: HIPAA defines “covered entities” as healthcare organizations and their employees that have access to PHI. This includes doctors, nurses, and insurance companies.
- Business Associates: Under HIPAA, “business associates” are organizations that provide services to covered entities that involve access to PHI. For example, an organization that handles billing for a healthcare provider has access to patients’ names, addresses, etc., which are protected as PHI under HIPAA.
The Data Protected Under HIPAA
HIPAA is designed to protect PHI provided by patients to covered entities and their business associates. HHS defines eighteen types of PHI identifiers, including:
- Name
- Address
- Key Dates
- Social Security Number
- Telephone number
- Email address
- Fax number
- Health plan beneficiary number
- Medical record number
- Certificate/license number
- Account number
- Vehicle identifiers, serial numbers, or license plate numbers
- Device identifiers or serial numbers
- IP address
- Web URLs
- Full-face photos
- Biometric identifiers such as fingerprints or voiceprints
- Any other unique identifying numbers, characteristics, or codes