Providing HIPAA Compliance in Healthcare sectors
What is HIPAA Compliance?
The Health Insurance Portability And Accountability Act (HIPAA) was signed into law in the year 1996. It provides security provisions and data privacy, in order to keep patients’ medical information safe. The act contains five titles, or sections, in total.
Who Does It Apply To?
- Healthcare Providers
- Business Associates or Contracts
Scope of Regulation
The HIPAA Privacy Rule protects all fields of ‘individually identifiable health information’ held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Rule calls this information Protected Health Information (PHI). It includes information such as name, address, birth date, Social Security Number, and past medical history. HIPAA mandates that this type of information must be protected.
Core Requirement
Most of the time, in IT circles, people who refer to HIPAA compliance mean adhering to Title II, also known as the ‘Administrative Simplification’ provisions, which include the following HIPAA requirements.
HIPAA Privacy Rule
This rule aims to establish national standards that protect patients’ health information and make sure any individually identifiable information is safe.
HIPAA Data Rule
This rule sets standards for patients’ data security as well.
CloudOptics Compliance Controls Monitoring
With the introduction of cloud, complying with HIPAA while protecting the Electronic Protected Health Information (ePHI) is becoming more complex, placing an additional burden on workforce and budget.
CloudOptics’ HIPAA Compliance Services ensure that technical controls are in place to protect ePHI and facilitate HIPAA compliance, including AWS & HIPAA, Azure & HIPAA and GCP & HIPAA, and also establish proper implementation of user controls.
Data Security
Data protection in transit & at rest. Monitor mechanisms to encrypt and decrypt electronic protected health information.
User Access Controls
Implement and monitor procedures to verify that a person or entity seeking access to ePHI is the one claimed.
Network Controls
Implement and monitor mechanisms that examine activity in information systems that contain or use electronic protected health information.
Continuous Monitoring
Continuous visibility and monitoring of all infrastructure configurations with actionable insights