Compliance
By
Christopher Knight
SEC 440
16 Oct 2014
TO: Company Chief Security Officer
FROM: Security Engineer
DATE: 16 Oct 14
SUBJECT: HIPAA Security Compliance for Alba, IA Hospital
Any patient seen by a physician within the United States is protected by the Health Insurance Portability and Accountability Act (HIPAA), which was passed into law in 1996 (Jani, 2009). Under HIPAA, all health care facilities that handle protected health information (PHI) must ensure that every physical and electronic process is safeguarded from third-party entities and unauthorized personnel. All health care data, including medical insurance information, is private and must be kept secure. Every medical institution in the U.S. is expected to enforce these rules so that it remains compliant with the law. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. A patient can be excluded from a health plan for one year after enrolment, or 18 months in the case of late enrolment. However, patients who already had a plan prior to the exclusion would have their plan reduced or eliminated. Long-term health plans are excluded from the Title I requirements of the Act. Title II of HIPAA defines the policies, procedures, and guidelines for maintaining the privacy and security of individual health information; it also outlines health care related offenses and sets the civil and criminal penalties for violations. Compliance with HIPAA was required in April 2003. In practice, this means that personal health information is handled on a need-to-know basis.
Physical Measures
Regarding the physical measures of the security compliance policy, restrictions will be applied to all medical staff members who have access to patient information. Medical staff involved with receiving patient data, transferring, re-using or
References:
Hayden, J. R. (2013). Health Plans and HIPAA Privacy and Security. Journal of Health Care Compliance, 15(2), 45-59.
Jacoby, R. J. (2007). Integrating HIPAA into a Hospital Compliance Program. Journal of Health Care Compliance, 9(2), 53-54.
Summary of the HIPAA Privacy Rule. (n.d.). Retrieved October 15, 2014, from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
(2005). Potential impact of the HIPAA privacy rule on data collection in a registry of patients with acute coronary syndrome.
Jani, S. (2009). Congressional Research Service (CRS) reports regarding HIPAA.
Wafa, T. (2010). How the Lack of Prescriptive Technical Granularity in HIPAA Has Compromised Patient Privacy.
Wilson, J. (2006). Health Insurance Portability and Accountability Act Privacy Rule causes ongoing concerns among clinicians and researchers.
Wolf, M. (2006). Local perspective of the impact of the HIPAA privacy rule on research.