
HIPAA Rules for Protected Health Information

June 1, 2016

A common question regarding HIPAA is whether a covered entity can be fined for violations of the HIPAA rules even if there is no breach of Protected Health Information. Worryingly, the answer is yes. So a clear understanding of the HIPAA rules is necessary to protect your company.

 

While HIPAA (the Health Insurance Portability and Accountability Act) has many rules, when people speak of the “HIPAA Rules” they are usually referring to three primary sets of regulations. These “rules” lay out how covered entities are to handle PHI (Protected Health Information). The three main HIPAA Rules are:

  • The Privacy Rule
  • The Security Rule
  • The Breach Notification Rule

 

The Privacy Rule

The Privacy Rule applies to PHI in any form, including oral, written, and electronic. Under the Privacy Rule, covered entities are responsible for making certain their employees (and business associates) use and/or disclose PHI only for authorized purposes. This means employers must keep their workforce trained to recognize what data is considered PHI and how to handle it appropriately.

 

Under this rule, covered entities are also responsible for making certain that only as much PHI as is necessary for a given purpose is disclosed. That is, it is not appropriate to simply share entire medical records; only the portion of a record that is necessary for a given task should be shared.

 

Other areas covered by the Privacy Rule include requirements for Business Associate Agreements (BAAs) with covered entities’ customers, vendors, and partners; standards for de-identification of Protected Health Information (that is, what kinds of information need to be removed from PHI in order to make it appropriate to share); specifications of patients’ rights to their own PHI; and requirements for covered entities to designate a privacy officer, publish their privacy practices, and more.

 

The Security Rule

Unlike the Privacy Rule, the Security Rule applies only to electronic PHI. It delineates requirements for administrative, physical, and technical safeguards of electronic PHI and requires publication of documentation that describes the policies and procedures covered entities employ regarding those safeguards.

 

The Security Rule also specifies how long a covered entity must retain documentation of their Security Rule compliance.

 

The Breach Notification Rule

The Breach Notification Rule defines a reportable HIPAA breach and states what covered entities must do in case of such a breach, whom they must notify, and how soon they must notify them.

 

This rule also states under what circumstances unauthorized access to encrypted PHI may not be considered a reportable breach.

 

Ready to Learn More about HIPAA Compliance?

 

If you’d like to learn more about HIPAA compliance, Aperio IT will be holding a free Lunch and Learn Event on Wednesday, June 8. Brian Olsen, HIPAA Security Advisor, will be joining us to help answer your concerns about HIPAA regulations. You can find out details and register here to attend.

 

You can also take a look at our recent HIPAA-related posts:

  • “HIPAA Trends That Could Affect Your Business”
  • “Is Your Business Affected by HIPAA Regulations?”

 
