Healthcare organizations, including Covered Entities and Business Associates, face an array of security and regulatory challenges. Legislation including the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, Promoting Interoperability Program, and the Minimum Acceptable Risk Standards for Exchanges (MARS-E) rules control how you handle and protect patient data. Healthcare organizations are required to assess, remediate, validate and maintain ongoing compliance activities.
Some specific health information privacy requirements and certifications include:
- HIPAA requires healthcare providers/Covered Entities and Business Associates to apply the appropriate administrative, technical, and physical safeguards that ensure the privacy of Protected Health Information (PHI)
- HITRUST requirements focus on protecting ePHI through a comprehensive approach that unifies recognized standards and frameworks, including NIST, HIPAA & HITECH, ISO 27001, PCI DSS, FTC, and COBIT, together with the SOC 2 criteria
- HITECH has tightened breach notification requirements, increased financial liability amounts and established that covered entities are liable for their business associates
- Promoting Interoperability Program requires hospitals and eligible professionals to undergo a security risk analysis and correct any deficiencies it identifies
- MARS-E sets the minimum standards that must be in place for the security of computer systems handling patient/healthcare information on healthcare exchanges