The US Health Insurance Portability and Accountability Act (HIPAA) is intended to improve the efficiency of the U.S. health care system by encouraging the widespread use of electronic data. The standards provided by the Act address the security and privacy of healthcare data and the protection of Personally Identifiable Information (PII).
HIPAA legislation requires Health Care providers, Health Plans, Health Care Clearinghouses, and those who carry out tasks on their behalf to handle personal healthcare data responsibly and securely.
The Act sets a national standard for the security of electronic Protected Health Information (ePHI) for all healthcare providers and supporting organisations. It also mandates that breaches of unsecured protected health information are reported. In summary, here are the requirements for HIPAA compliance relating to electronic data:
- Technical safeguards require access control so that only authorised persons can access electronic protected health data.
- Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed.
- Network, or transmission, security. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.
While financial penalties for violating HIPAA rules came into force in 2006, they are no longer the sole means of enforcement. Since September 2009, data breaches involving the health information of more than 500 people are required to be reported promptly to the U.S. Department of Health and Human Services (HHS), major media outlets, and each individual affected by the breach.
Breaches affecting fewer than 500 people are treated more leniently but must still be reported annually to the HHS secretary and the individuals involved.
Boldon James Classifier supports compliance with HIPAA by allowing users to identify valuable data with classification labels or tags, enabling decisions to be made about how data is stored and transmitted. The organisation’s investment in and application of such a system may itself constitute a ‘reasonable measures’ defence to the legal charge of HIPAA contravention.
Boldon James Data Classification products support HIPAA compliance by:
- Automatic application of third-party security software applied through classification metadata
- Identifying PII which requires special handling through labelling and classification
- Increasing users' awareness about data sensitivity with visual labels
- Alerting users when they attempt to send messages that include sensitive information outside of the organisation, or preventing them from doing so
Boldon James Email Classifier
Boldon James Notes Classifier
Boldon James Office Classifier
Boldon James File Classifier
Boldon James Power Classifier
Boldon James SharePoint Classifier
Boldon James Mobile Classifier
Boldon James OWA Classifier
Boldon James Exchange Classifier
Boldon James CAD Classifier
Boldon James Mobile Filter