
HIPAA Healthcare Security

The HIPAA Healthcare Security Rule applies to health plans, healthcare clearinghouses, and to any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA (the “covered entities”) and to their business associates.

What is HIPAA?
HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information.
It protects most ‘identifiable health information’ held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper or oral.
The Privacy Rule calls this information Protected Health Information (PHI).

What is PHI?
Under US law, PHI is any information in a medical record that can be used to identify an individual and that was created in the course of providing a healthcare service, e.g., diagnosis or treatment.
Practical examples of PHI are:

  • Patient names
  • Addresses — In particular, anything more specific than state, including street address, city, county, precinct, and in most cases zip code, and their equivalent geocodes.
  • Dates — Including birth, discharge, admittance, and death dates.
  • Telephone and fax numbers
  • Email addresses
  • Social Security numbers
  • Driver’s License information
  • Medical record numbers
  • Account numbers
  • Health plan beneficiary numbers
  • Certification/license numbers
  • Vehicle identifiers and serial numbers, including license plate numbers
  • Device identifiers and serial numbers
  • Names of relatives
  • Internet Protocol (IP) address numbers
  • Biometric identifiers — including finger and voice prints.
  • Full face photographic images and any comparable images.

Who has to comply with HIPAA?
HIPAA classifies those who must comply into three groups:

  • Covered entities (CEs) – A covered entity is anyone who provides treatment, payment and operations in healthcare. According to the U.S. Department of Health & Human Services (HHS), Healthcare Providers, Health Plans, and Healthcare Clearinghouses are all Covered Entities.
  • Business associates (BAs) – A Business Associate is a vendor or subcontractor who has access to PHI. Examples include services for medical transcription, insurance processing, and network management. Additionally, the subcontractors of business associates who handle ePHI are also subject to the rules.
  • Workforce – All employees, volunteers, and trainees of a covered entity or business associate. This includes anyone who is under the “direct control” of the organization, whether or not they are paid.

Why do I need to be HIPAA Security Compliant?
The HIPAA law requires all health care Covered Entities (CEs) and their Business Associates (BAs) to safeguard the privacy of patient health information. The HIPAA law also requires CEs and BAs to implement required security measures to protect patient health information.

HIPAA Healthcare Security Components
