A guide to security under HIPAA.

Published On 28th May 2019

What is HIPAA (Health Insurance Portability and Accountability Act)?

One would think that the enactment of HIPAA, with its mandates on data security and privacy, would have brought a major shift in security management practices within US healthcare. Unfortunately, recent industry reports indicate low levels of regulatory compliance, raising security concerns for the US health IT infrastructure. This research develops a regulatory compliance model, drawing on the institutional theory literature, to identify the key institutional and market drivers of HIPAA compliance (e.g., variability in the comprehensiveness of state-level privacy laws, the interdependency between the privacy and security rules, pressure from compliance leaders in the region, the compliance officer's functional background, and consumer concern for privacy). We validate the model using a national sample of acute-care hospitals and find partial support. The primary contribution of this research lies in the novel application of institutional theory to explain the variability in regulatory compliance prevalent in the US healthcare sector.

HIPAA is complex, and so are the privacy and security programs an organization must run to reach and maintain compliance. Organizations need a quick, concise reference in order to meet HIPAA requirements and keep meeting them over time. The Practical Guide to HIPAA Privacy and Security Compliance is a one-stop resource for real-world HIPAA work.

Significance of HIPAA

HIPAA penetration testing

NIST's guidance for implementing the HIPAA Security Rule (NIST SP 800-66) recommends penetration testing: "Conduct trusted penetration testing of the effectiveness of security controls in place, if reasonable and appropriate. This validates your exposure to actual vulnerabilities." Note the qualifier: the Security Rule itself requires a periodic technical and non-technical evaluation of safeguards (the evaluation standard at 45 CFR 164.308(a)(8)), and penetration testing is the recommended way to satisfy the technical part of it, not a separately mandated control.
The same guidance calls for documenting every deficiency found in a technically detailed report, together with effective, efficient, and clear remediation steps. Everything the test creates or stores on the tested systems is removed when the engagement ends. Where a file cannot be removed remotely, it is listed in the technical report with its exact location, so the customer's technical staff can remove it after the report has been received.
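The cleanup obligation above is easiest to evidence when every artifact a tester drops on an in-scope host is recorded as it is created and checked again at the end of the engagement. The POSIX shell script below is an added example written for this page, not code from the page's author or from NIST; the manifest path and the sample files are assumptions, and the engagement would set its own.

```shell
#!/bin/sh
# Added example (not from the original page): track files a tester places on a
# tested host, then verify and remove them at the end of the engagement so the
# cleanup (or anything left behind) can be evidenced in the technical report.
# MANIFEST location is an assumption; each engagement should choose its own.

MANIFEST="${MANIFEST:-/tmp/pentest-artifacts.manifest}"

# SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# record_artifact PATH: append path, hash and UTC timestamp to the manifest.
# Call this immediately after dropping a tool, script or output file.
record_artifact() {
    f="$1"
    [ -f "$f" ] || return 1
    printf '%s\t%s\t%s\n' "$f" "$(sha256_of "$f")" \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$MANIFEST"
}

# cleanup_artifacts: walk the manifest and print one status line per entry.
#   REMOVED   file matched its recorded hash and was deleted
#   MISSING   file is already gone (note it in the report anyway)
#   MODIFIED  hash changed since it was recorded; left in place for a human
#             decision, because it may now hold customer data or be a host file
# Returns the number of MODIFIED entries, i.e. items the report must list.
cleanup_artifacts() {
    modified=0
    tab="$(printf '\t')"
    while IFS="$tab" read -r path sum ts; do
        if [ ! -e "$path" ]; then
            echo "MISSING   $path (recorded $ts)"
        elif [ "$(sha256_of "$path")" != "$sum" ]; then
            echo "MODIFIED  $path (recorded $ts, leave for manual review)"
            modified=$((modified + 1))
        else
            rm -f "$path" && echo "REMOVED   $path"
        fi
    done < "$MANIFEST"
    return "$modified"
}

# Usage during an engagement:
#   record_artifact /tmp/linpeas.sh          # after each file is dropped
#   cleanup_artifacts > cleanup-evidence.txt # at the end; nonzero = leftovers
```

Recording the hash at drop time matters: a file whose contents changed after the tester wrote it may have been repurposed by the customer's staff or may now contain data the tester never placed there, so the script refuses to delete it and instead leaves it for the report, which is the fallback the guidance above describes.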

Healthcare cyber security and HIPAA assurance with business associates

This section summarizes how the Health Insurance Portability and Accountability Act (HIPAA) regulations have evolved over the past two decades and the range of cyber security threats the healthcare industry faces. It then reviews the HIPAA responsibilities and liabilities of covered entities and their business associates, and the lack of clarity about how they give one another assurance of compliance. Next it describes the state of HIPAA compliance in today's healthcare landscape, and finally it explains the current industry approaches to HIPAA assurance and their perceived value.
The Security Standards for the Protection of Electronic Protected Health Information (45 CFR Part 164, Subparts A and C), commonly known as the HIPAA Security Rule, establish national standards for safeguarding protected health information that is stored or transmitted electronically (ePHI). The rule was published in 2003 and predates the NIST Cybersecurity Framework (2014), so it is not derived from it; the relationship runs the other way: NIST SP 800-66 explains how to implement the Security Rule, and HHS OCR has published a crosswalk mapping the rule's requirements onto the Cybersecurity Framework.


Rakesh chandanala