Health Insurance Portability Accountability Act (HIPAA)

2:03 pm Paul Falcone

Health Insurance Portability Accountability Act (HIPAA)

HIPAA-square-logo

Covered Entities: Health Organizations

Governed by the U.S. Department of Health and Human Services

The Health Insurance Portability Accountability Act (HIPAA) was enacted in 1996 by the U.S. Department of Health and Human Services to require covered entities to safeguard the privacy of protected health information (PHI) in any form. This means that organizations must implement procedures that limit incidental — while fully avoiding prohibited — uses and disclosures of PHI including disposal. HIPAA requires that covered entities to implement procedures to specifically address disposition of electronic PHI as well as the hardware or e-media on which it is stored.

In laymen’s terms, this means that covered entities are never permitted to dispose of any PHI or the media on which it is housed in dumpsters or other publicly accessible containers, nor is PHI allowed to be simply abandoned. That said, like most other data security regulations, HIPAA does not mandate a specific disposal methodology but rather references NIST 800-88 while asking organizations to determine their own disposal policies. Typically, organizations determine their own circumstances and potential risks to determine the most appropriate methodology to safeguard PHI and the required steps to do so. PHI such as name, social security number, credit card number, diagnosis, treatment information, or other sensitive information require more stringent care due to the risk of identity theft or harm to a person’s reputation.

Those who must comply with HIPAA include but are not limited to the following: Health insurance companies; HMOs, or health maintenance organizations; doctors; clinics; psychologists; dentists; chiropractors; nursing homes; and pharmacies.

As there are no specific disposal regulations with HIPAA, NIST 800-88 data disposal methodology should be followed. All of SEM’s high security paper shredders, disintegrators, IT shredders, IT crushers, and degaussers are appropriate for the disposal of PHI following NIST 800-88 protocols.

Read More

cloud-data-security

How to Effectively Maintain HIPAA Compliance in the Cloud

In today’s digital age, the majority of data is stored electronically in internet-based cloud software. Whether for convenience or accessibility, or due to physical hardware … Continue reading How to Effectively Maintain HIPAA Compliance in the Cloud

pii-security

The Importance of the NIST 800-88 Standard for Media Sanitization in Secure Data Destruction

Trends in data storage are changing at an exponential rate. The past few years alone have seen the progression of data storage from large servers … Continue reading The Importance of the NIST 800-88 Standard for Media Sanitization in Secure Data Destruction

HIPAA-privacy-rule

Making Sense of HIPAA

HIPAA is an acronym for Health Insurance Portability Accountability Act which was enacted in 1996. It requires the Secretary of the U.S. Department of Health and Human Services to develop regulations protecting the privacy and security of certain health information.