The Health Insurance and Accountability Management Act (HIPAA) was enacted into law in 1996 to improve insurance coverage, as well as to reduce fraud and ease administration.
The HIPAA regulation is mainly targeted at covered entities that handle health or healthcare-related data and at providers who use or transmit electronic Protected Health Information (ePHI). In 2013, the coverage of HIPAA regulations was expanded to include all Protected Health Information (PHI) users, including third-party service providers, who are subject to the same data privacy and protection laws under HIPAA.
The law contains requirements that aim to protect and safeguard the integrity of patient health information, together with critical information assets and infrastructure. While the law presents clear definitions of privacy and security requirements, some of its terms are broadly defined.
HIPAA coverage within the Alyne platform
Building on, and in addition to, the existing 1200+ Controls available in the platform, the Alyne Library experts have interpreted and mapped HIPAA requirements into a Control Set containing 480 robust Controls that are easily actionable, specific and measurable for business leaders to implement.
For organisations that are subject to compliance with HIPAA, Alyne now offers a comprehensive mapping of the regulation, covering not only §164.3xx, which is focussed on Security Standards, but also the rules outlined in §164.4xx (Breach Notification) and §164.5xx (Privacy Aspects). This content, now available in the Alyne platform, will simplify and enhance your ability to follow HIPAA compliance criteria.
HIPAA compliance rules include the HIPAA Privacy Rule, the HIPAA Security Rule and the HIPAA Breach Notification Rule.
HIPAA Privacy Rules
The HIPAA Privacy Rule establishes national standards to ensure that patients' rights to PHI are protected. This includes medical records and other personal health information, and the rule applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.
HIPAA Security Rules
The HIPAA Security Rule operationalises the HIPAA Privacy Rule. More specifically, this set of rules ensures that there are both technical and non-technical (administrative and physical) safeguards so that ePHI is transmitted and handled in a secure and responsible manner.
HIPAA Breach Notification Rules
The HIPAA Breach Notification Rule requires covered entities and their business associates to notify affected individuals and the media of a breach of unsecured PHI. Depending on its severity, if the data breach affects 500 or more individuals, the Secretary has to be informed no later than 60 days following the breach.
As with all Library Updates, the Control Set has been provided to existing and new Alyne customers alike. Contact our sales team at firstname.lastname@example.org to learn how Alyne can help your organisation, or schedule a meeting with an expert to experience Alyne's full capabilities.