HIPAA Compliance FAQ

Does HIPAA Apply to my Organization?

What are the Benefits of Compliance?

What is the difference between HIPAA Privacy and HIPAA Security?

What is the HITECH Act and how does it affect my organization?


1. Does HIPAA Apply to my Organization?

a. HIPAA has always applied to covered entities such as health care providers and health plans, but since the passage of the HITECH Act, that responsibility has also been extended to business associates and service providers. If you record, store or process patient records, you are likely required to be HIPAA compliant.


2.    What are the Benefits of Compliance?

a. HIPAA compliance is not an optional initiative; it is required and enforced through regulatory agencies. Complying helps organizations with the following:

i. Avoid large fines and penalties

ii. Reduce the threat of a reputation disaster from a privacy breach

iii. Understand your organization's risk


3. What is the difference between HIPAA Privacy and HIPAA Security?

a. The HIPAA regulation has both a Privacy component and a Security component, and both are required. Although they are different, they share similar purposes.

i. The HIPAA Privacy rule focuses on the right of an individual to control the use of his or her personal information. The regulation sets the foundation that PHI should not be divulged or used by others against the individual's wishes unless ordered by a court of law. The Privacy rule covers PHI in all formats, including electronic, paper and oral communications. Organizations are required to enforce the confidentiality of PHI, and the physical security of PHI is a theme throughout the Privacy rule.

ii. The HIPAA Security rule focuses on the administrative, technical and physical safeguards specifically as they relate to electronic PHI (ePHI). Protection of ePHI from unauthorized access, whether external or internal, at rest or in transit, is all part of the Security rule. The HIPAA Security rule has 18 standards and 36 implementation specifications that make up Security rule compliance.


4.    What is the HITECH Act and how does it affect my organization?

a. The Health Information Technology for Economic and Clinical Health (HITECH) Act was issued on August 24, 2009 and became effective September 23, 2009. HITECH changed how certain HIPAA rules are enforced and added certain other requirements for organizations that handle PHI. Below are some of the highlighted new requirements:

i. HITECH enforcement now applies not only to health care providers and health plans, but to all of their associated Business Associates. If you provide direct services for a health care organization, you are likely now responsible for complying with HIPAA.

ii. Reporting of PHI breaches was not previously required in all circumstances; however, effective February 17, 2010, organizations that fail to report a breach as defined by HITECH will be issued hefty sanctions.
