HIPAA Compliance: Risk Analysis & Mitigation Strategies

The Health Insurance Portability and Accountability Act (HIPAA) prompted the HHS to issue the rules on the specific areas of HIPAA. These rules define uniform standards for transferring health information among healthcare providers, health plans, and clearinghouses while securing health information and ensuring patient privacy and confidentiality. These rules were complemented in 2009 by the Health Information Technology for Economic and Clinical Health (HITECH) Act that further detail how the healthcare industry is required to address the technical and non-technical safeguards that organizations (the so-called CEs i.e. covered entities) must put in place to secure individuals’ electronic Protected Health Information (ePHI).