HIPAA (the Health Insurance Portability and Accountability Act) required the development of regulations protecting the privacy and security of certain health information.
Electronic Protected Health Information (ePHI). The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI).
Ensure the confidentiality, integrity, and availability of all ePHI they create, receive, maintain or transmit.
Identify and protect against reasonably anticipated threats to the security or integrity of the information.
Some of the information that qualifies as PHI includes:
Name, Address, Any dates (except years) that are directly related to an individual, Telephone number, Fax number, Email address, Social Security number, Medical record number, Health plan beneficiary number.
Access Controls: Implementing technical policies and procedures that allow only authorised persons to access ePHI.
Audit Controls: Implementing hardware, software, and/or procedural mechanisms to record and examine access in information systems that contain or use ePHI.
Integrity Controls: Implementing policies and procedures to ensure that ePHI has not been, and will not be, improperly altered or destroyed.
Transmission Security: Implementing technical security measures that guard against unauthorized access to ePHI that is transmitted over an electronic network.