5.3.2.4 HIPAA
The Health Insurance Portability and Accountability Act, popularly known as HIPAA, was
enacted by the U.S. Congress in 1996. This act was created in response to the rapid technological
advancements that have heavily influenced the health care industry. Health care providers all
over the United States have moved most of their patient health records to a computerized format
to facilitate easy access and transmission of that information, but after several
breaches of sensitive individual health information, the U.S. government enacted HIPAA to
ensure accountability, effectiveness, and security of sensitive individual health information. The
objective of this act is a multipronged one, encompassing not only information security but also
other aspects of health care in the United States. One of the primary objectives of HIPAA is
achieving the continuity and portability of health insurance information through the
standardization of electronic patient/health insurance information, financial information, and
administrative information. Another important aim of HIPAA is to bring about accountability
among the many organizations involved with health care across the United States and their
partners. Health care providers (including clinics and hospitals), health plan providers, health care
clearinghouses, and their business associates who store, process, or transmit any health information
are under the purview of HIPAA. These entities are known by the act as covered entities.
Accountability is to be established through the reduction of fraud, waste, and abuse of
health insurance/patient information. This objective is achieved by establishing several clauses mandating privacy
and confidentiality of individually identifiable health information (IIHI) and protected health
information (PHI). HIPAA consists of two titles, namely, Title I:
Healthcare Access Portability and Renewability and Title II: Preventing Healthcare Fraud and Abuse;
Administrative Simplification; Medical Liability Reform.
Individually identifiable health information is the identifiable health information and demographic
information collected from an individual. Protected health information is the individually
identifiable health information that is stored, processed, or transmitted by the covered entity,
regardless of form. This information includes the name, Social Security number, date of birth, and
several other elements of personal information and health information of an individual.
Title II of HIPAA deals with the prevention of health care fraud and abuse, administrative
simplification, and medical liability reform. This title consists of several rules, which must
be followed by covered entities and their business associates. The rules are the Privacy Rule, the
Transaction and Code Sets Rule, the Unique Identifiers Rule, the Enforcement Rule, and the Security
Rule. The Security Rule states that covered entities and their business associates have to take
all possible precautions to ensure the confidentiality, integrity, and availability of electronic PHI
that is stored, processed, or transmitted. Naturally, to ensure this, technical, physical, and
administrative security measures need to be implemented so that PHI is protected against
security breaches. HIPAA is not a granular technical standard like PCI-DSS; instead it calls for a risk
assessment and risk management-based approach, in which all risks to the critical asset (in this case,
PHI) are taken into consideration and risk-mitigating measures are designed and appropriately
implemented according to the circumstances of the health care provider. Web applications that handle hospital management
and patient care are an integral part of any health care entity and are inseparably bound
to PHI and other related information; with the constant need for easy exchange of information,
Web applications have also become an important consideration for many health care entities and
their business partners. Security measures such as authentication and authorization, logging, and
encryption are therefore important to implement in applications that need to be deployed
in HIPAA-compliant entities or entities undergoing HIPAA compliance.