PATIENT MEDICAL INFORMATION PROTECTION
Growing reliance on information technology in the healthcare industry and the adoption of electronic medical records make it crucial to ensure the safe handling of sensitive data.
The Health Insurance Portability and Accountability Act’s (HIPAA) Privacy and Security Rules define requirements for the appropriate use and safeguarding of protected health information (PHI). The newer Health Information Technology for Economic and Clinical Health Act's (HITECH) provisions, enacted as part of the American Recovery and Reinvestment Act in February 2009, update HIPAA standards to strengthen the privacy and security of PHI.
The requirements of HIPAA’s Security Rule are organized into three categories:
> Administrative Safeguards,
> Physical Safeguards, and
> Technical Safeguards,
within which are 18 standards and 36 implementation specifications that are either “required” (meaning that they are critical and must be implemented) or “addressable” (meaning that they can be implemented to a lesser or greater degree according to the individual needs and practices of an entity).
The focus of the Security Rule is on safeguarding electronic Protected Health Information (ePHI), while the Privacy Rule covers ePHI as well as information recorded in other ways, such as on paper or orally. Under the Privacy Rule, organizations need to consider the confidentiality, integrity, and availability of PHI, and procedures need to be in place that govern the use and disclosure of PHI and required notices.
Inquesta can institute a new HIPAA/HITECH program or evaluate an existing one to assure compliance with these laws.