1. Importance of Being HIPAA / HITECH compliant
Managing the regulatory compliance requirements that govern IT security is an essential aspect of IT security
and compliance activities. From HIPAA (Health Insurance Portability and Accountability Act) and GLBA (Gramm-Leach-
Bliley Act) to Sarbanes-Oxley, IT security compliance programs have become very diverse. If you are
a large or medium-scale medical and healthcare provider, a hospital, or an institution that conducts medical
research and handles patient health information, then you are considered a “Business Associate” or a
“Covered Entity” under the HIPAA/HITECH compliance guidelines. In such cases, your organization needs to
maintain IT security and compliance according to the policies set out by the HIPAA and HITECH acts.
HIPAA, the Health Insurance Portability and Accountability Act of 1996, was set up with the following objectives:
· Improve the continuity and portability of health insurance coverage
· Help in the easy exchange of electronic data
· Reduce costs through improved efficiency, effectiveness and standardization
· Ensure that all personal health records are confidential
HITECH, the Health Information Technology for Economic and Clinical Health Act, was established in 2009 and
made some essential changes to HIPAA. HITECH provides incentives for the use of electronic health records and also
implements strict breach notification processes. At the same time, it tightens enforcement, increases the maximum
penalties and alters the liabilities and accountabilities of Covered Entities and Business Associates. According
to HITECH, a security breach means "The unauthorized acquisition, access, use, or disclosure of protected health
information, which compromises the security or privacy of protected health information— except where an
unauthorized person to whom such information is disclosed would not reasonably have been able to retain such
information”.
Keeping this in mind, an automated HIPAA/HITECH compliance management solution must comprise the
following:
· Ongoing security and compliance in addition to real-time monitoring
· Multiple regulation harmonization
· “Ready-to-use” packaged content, regulations, assessment questions and best practices, with the capacity to customize quickly
· Extensive reports, such as compliance and risk reports, available on demand
· A single, centralized repository for all compliance-related evidence
· Easy to use and implement
· Support for both HIPAA and HITECH regulations
· Compliance with the requirements for Covered Entities (CEs) and Business Associates (BAs)
According to Forrester research, compliance of all types has become an important aspect of data security
programs. Most organizations that Forrester surveyed agreed that data privacy laws, data
security regulations and data breach guidelines are the main drivers of IT security and compliance programs. In
recent times, emphasis has also been placed on IT-GRC (governance, risk and compliance), which organizations
cannot ignore.