Are Healthcare Organizations Really HIPAA Compliant?

Background and Introduction

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to set a national standard to protect medical records and other personal health information. The primary goal of HIPAA is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information, and help the healthcare industry control administrative cost. HIPAA is governed by two entities, the Privacy Rule and the Security Rule. These two rules outline what the Department of Health and Human Services (HHS) requires for handling Protected Health Information (PHI) in all forms. The Office for Civil Rights (OCR) enforces HIPAA and can leverage…
The Office for Civil Rights (OCR) is responsible for issuing periodic guidance on the provisions in the HIPAA Security Rule (45 C.F.R. §§ 164.302-318). The privacy and security risk analysis is the first step in helping health organizations determine any potential risk that might cause a data breach. In December 2014, OCR opened an investigation after receiving notification from Anchorage Community Mental Health Services (ACMHS) regarding a breach of unsecured PHI affecting 2743 individuals due to malware compromising the security of its information technology resources. It turned out that ACMHS adopted sample Security Rule policies and procedures in 2005. The security incident was the direct result of ACMHS failing to identify and address basic risks in the privacy risk analysis.

Secondly, healthcare organizations should inoculate themselves by having a solid data encryption system. There are different types of data encryption for different kinds of data. When the data is at rest, data encryption can be employed in multiple locations and cover structured and unstructured data. The only way to truly be safe is to encrypt the data itself. With the value of data changing over time, new data will require an immediate and new data encryption plan. When the data is in motion, it is easy for hackers to