Written by David Y 

August 29, 2022

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The Privacy Rule establishes national standards to protect individuals' medical records and other protected health information (PHI); the HIPAA Security Rule covers a subset of that information, PHI held or transmitted in electronic form (e-PHI). Organizations that must be HIPAA compliant first need to understand what PHI they hold, where it resides, who their business associates are, what their legal contracts (such as business associate agreements) require, and which policies and controls are currently in place.

HIPAA violations carry civil penalties of up to $1.5 million per calendar year for each type of violation. Breach notification costs, attorney fees, lawsuits, and so on can add many thousands of dollars on top of that. None of this accounts for additional laws and industry regulations, such as those of individual US states, the European Union, or PCI, that may apply at the same time. A risk management framework, proper security controls, a solid technology infrastructure, and staff training are all needed to meet such requirements.