This topic paper is based on HIPAA and its Security Rule and Privacy Rule requirements. The paper foregrounds an overview of each rule, how the Security Rule supports the Privacy Rule and how the two are connected to each other. The overall intent of this paper is to give the reader a bird's-eye view of the HIPAA regulations, list the Security Rule and Privacy Rule requirements and give them a roadmap for implementing both rules in an organizational setting, illustrating the connection between the Privacy Rule and the Security Rule. To better frame the paper, the basic overview of HIPAA, the Security and Privacy Rules, their requirements and their connectivity are explained and illustrated in chronological order.
The term "HIPAA" stands for Health Insurance Portability & Accountability Act. It was passed in 1996 by the US Congress with the vision and intent of protecting confidential health information, known as Protected Health Information (PHI). The law also addresses fraud and abuse of PHI, and it applies to various organizational bodies such as healthcare providers, clearinghouses, health plans and any other entity that transmits healthcare information, whether electronically or manually. Collectively, these entities are known as Covered Entities (CE). So the overall intent of HIPAA is to provide insurance portability, combat fraud and simplify administration for the healthcare industry. Here, administrative simplification refers to the Privacy and Security Rules of HIPAA. (SANS)
The HIPAA Privacy Rule is the rule that establishes standards for the privacy of individually identifiable health information. It gives direction and regulates how covered entities (CE) may use and disclose certain health information. The format of the information may be manual, paper, electronic or any other form. The Privacy Rule ensures privacy at a broad level and covers all aspects of privacy and safeguards. (HIPAA Academy)
In a nutshell, the Privacy Rule constructs the statement of confidentiality, regulates the notice of use and disclosure of PHI, upholds the right to inspect, copy and amend the medical records section, monitors HIPAA compliance at a broader level and develops corrective measures for HIPAA violations. (Kiel)
On the other hand, the Security Rule is the rule that prevents an unauthorized entity from gaining access to PHI where there is no need to know. The Security Rule regulates the electronic transmission of PHI to ensure a proper balance between accessible, secured and confidential PHI. The Security Rule chiefly controls and encompasses information technology security in the healthcare industry, establishing technical and operating procedures and policies such as identity management and access control to systems, incident reporting, executing alerts to ensure a secure environment, backup plans and virus protection. In a nutshell, the functions of the Security Rule are IT security audit, establishing codes of conduct and ethics, computer usage policy, destruction and disposal, etc. The Security Rule is all about ground-level technical safeguarding and security of computer systems, which facilitates establishing the privacy of PHI in the long run. (Kiel)
In light of the above discussion, it is clear that the Privacy Rule and the Security Rule are somewhat connected, because analyzing the above discussion shows that in order to ensure privacy in the healthcare domain, proper implementation of security is critical. Privacy is the result of security. In other words, the Privacy Rule tells what security should be doing and what needs to be implemented in order for privacy policies to be met. But in an organizational setting it is advised and strongly recommended that the Privacy Rule implementation and Security Rule implementation departments be separate and have no direct connection in terms of personnel and staff involvement. Now the question is how the Security Rule supports the Privacy Rule in being compliant with HIPAA. (Beaver, Herold)
To better explain this statement, let us illustrate some of the core objectives of the Privacy Rule. According to guidance from the CDC and the US Department of Health & Human Services, the "Privacy Rule:
gives patients more control over their health information;
sets boundaries on the use and release of health records;
establishes appropriate safeguards that the majority of health-care providers and others must achieve to protect the privacy of health information;
holds violators accountable with civil and criminal penalties that can be imposed if they violate patients' privacy rights;
strikes a balance when public health responsibilities support disclosure of certain forms of data;
enables patients to make informed choices based on how individual health information may be used;
enables patients to find out how their information may be used and what disclosures of their information have been made;
generally limits release of information to the minimum reasonably needed for the purpose of the disclosure;
generally gives patients the right to obtain a copy of their own health records and request corrections; and
empowers individuals to control certain uses and disclosures of their health information". (CDC)
The Security Rule helps the Privacy Rule meet the above objectives by establishing safeguards for PHI in electronic form only, which is a subset of the PHI that falls under the Privacy Rule. That is, the Privacy Rule covers protection of both paper-based and electronic transmission of PHI. In this case, the Security Rule ensures only e-PHI privacy by establishing the following standards and specifications:
Administrative Safeguards: These design the policies and procedures that show how a covered entity will comply with the rule and act. They are concerned with security management by appointing a security officer, establishing workforce security, information access management, training the workforce on the use of systems and PHI, a contingency plan, password management, and security monitoring and alerts to ensure that e-PHI transmission is appropriately handled to meet the related Privacy Rule requirements stated above.
Physical Safeguards: These help in managing physical access control to protect against unauthorized access to e-PHI. They focus on ensuring that access to building facilities is properly controlled according to authorization, and establish workstation use and security. They create a guideline on how to use digital media and how to dispose of it after use.
Technical Safeguards: These refer to the computer systems in the healthcare organization and the policies and procedures for their proper use that protect e-PHI and control access to it. The following are the purposes of the technical safeguards under the Security Rule:
Controlling access to the information systems where PHI is deployed, which must be protected from intrusion. This is ensured by encrypting access information.
Making sure that every covered entity is held responsible for ensuring that PHI-related information has not been modified or fabricated without proper authorization and a valid reason.
Validating data integrity by setting up a mechanism to support e-PHI.
Establishing transmission security by first enforcing integrity and then encrypting the transmitted data so that it cannot be accessed by a man in the middle.
So the above are the three main safeguards that must be followed step by step in order to implement the Security Rule separately from the Privacy Rule. But once the above requirements are properly implemented and the expectations are met, all the Privacy Rule objectives stated and analyzed earlier will be met as well, since all of them are connected to and dependent on the Security Rule requirements. Thus we can see and agree with what the textbook "The Practical Guide to HIPAA Privacy and Security Compliance" by Kevin Beaver and Rebecca Herold says about security and privacy: "Security is a process, privacy is a consequence. Security is action, privacy is a result of successful action. Security is a condition, privacy is a prognosis. Security is the strategy, privacy is the outcome. Privacy is the state of being, security is the constitution supporting the being. Security is the tactical strategy, privacy is the contextual strategic objective. Security is the secure envelope, privacy is the successful delivery of the message inside the envelope". (Beaver, Herold)
To further explain the above illustrations, let us take an application example. Say we install a Practice Management System (PMS) in a physician's office to be used by staff and physicians to conduct their activities through the system. The Privacy Rule says that every covered entity must protect the privacy of health information, or PHI. Since the PMS is a software system in which PHI is electronically stored and transmitted, it is essential that the stated privacy requirement is met. In order to meet this requirement, the Security Rule plays a critical role by establishing access controls for this PMS, setting business rules based on the roles at the physician's office. The technical safeguards under the Security Rule will create access control stating which staff can access which component of the PMS and which PHI can be transmitted and amended. It will also log audit trails for each activity.
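As an added illustration of the technical safeguards just described (example code written for this page, not part of the original paper or any real PMS product), the following Python shows how such a PMS could enforce role-based access to PHI components, verify record integrity on every access and keep an audit trail. The roles, record components, policy table and sample record are constructed assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed policy (assumption): role -> PMS component -> permitted actions.
# Anything not listed is denied by default.
POLICY = {
    "physician": {"demographics": {"view"}, "clinical_notes": {"view", "amend", "transmit"}},
    "nurse": {"demographics": {"view"}, "clinical_notes": {"view"}},
    "front_desk": {"demographics": {"view", "amend"}, "billing": {"view", "amend"}},
}

AUDIT_LOG = []  # one entry per attempted access, granted or not


def digest(data):
    """Integrity value for stored e-PHI: SHA-256 over a canonical JSON encoding."""
    return hashlib.sha256(json.dumps(data, sort_keys=True).encode()).hexdigest()


def seal(record):
    """Attach an integrity digest to every component of a (constructed) patient record."""
    return {name: {"data": data, "digest": digest(data)} for name, data in record.items()}


def access(user, role, patient_id, record, component, action, new_data=None):
    """Enforce the role policy, verify integrity, and audit the outcome.

    Returns the component data when access is granted (the new data after an
    amend), or None when the action is denied or the stored data fails its
    integrity check. Every attempt, successful or not, is appended to AUDIT_LOG.
    """
    allowed = action in POLICY.get(role, {}).get(component, set())
    entry = record.get(component)
    intact = entry is not None and digest(entry["data"]) == entry["digest"]
    outcome = "denied" if not allowed else ("granted" if intact else "integrity_failure")
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(), "user": user, "role": role,
        "patient": patient_id, "component": component, "action": action, "outcome": outcome,
    })
    if outcome != "granted":
        return None
    if action == "amend":
        record[component] = {"data": new_data, "digest": digest(new_data)}  # re-seal after change
        return new_data
    return entry["data"]
```

A denied or integrity-failing attempt still produces an audit entry, which is what makes the trail useful for later review.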
In conclusion, we can say that security is essential to the Privacy Rule. The Privacy Rule is impossible without the Security Rule. Thus we can say that the Security Rule supports the Privacy Rule in meeting its objective. The discussion also tells us the implementation methods and what to consider while implementing the Security Rule.
Ball, M. J., Weaver, C. A. & Kiel, J. M. (2004). The Health Insurance Portability and Accountability Act: Confidentiality, Privacy, and Security. In Health Information Management Systems: Cases, Strategies and Solutions (3rd ed., pp. 368-381). New York, NY: Springer.
Beaver, K., & Herold, R. (2004). The Relationship between Security and Privacy. In K. Beaver & R. Herold (Eds.), The Practical Guide to HIPAA Privacy and Security Compliance (pp. 35-42). Florida: Auerbach.
SANS: Information Security Policy Templates. (2009). Retrieved January 16, 2010 from The SANS Institute, Information Security Policy Templates: http://www.sans.org/security-resources/policies/#hipaa.
Thacker, S. B. (2003). HIPAA Privacy Rule and Public Health: Guidance from CDC and the U.S. Department of Health and Human Services. Retrieved January 17, 2010 from Department of Health and Human Services, CDC: http://www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm.
Waggoner, L. (2004). HIPAA Security Rule Overview. Retrieved January 16, 2010 from Ecfirst, Inc., HIPAA Academy: http://www.hipaaacademy.net/consulting/hipaasecurityruleoverview.html.