Healthcare Compliance: Understanding HIPAA/HITECH regulatory controls – a
Security is a major concern in today's tech-savvy global corporate environment. With
organizations and healthcare facilities moving towards a paperless environment, most information
transfer and storage is in digital formats. Organizations, healthcare institutions and hospitals face
security challenges concerning their records and personnel. The need to protect the privacy of employees or
patients makes access to electronic information a critical issue.
To address the current IT compliance and security requirements of the healthcare industry and
corporate sectors, various regulatory controls have been put in place. These include the
Health Information Technology for Economic and Clinical Health (HITECH) Act, signed as part of the
American Recovery and Reinvestment Act of 2009. Besides adding requirements for security breaches,
the Act lays down security standards for maintaining electronic health records. It also expands the privacy
provisions beyond the Health Insurance Portability and Accountability Act (HIPAA).
The HIPAA act was enacted in 1996 in the United States, among other things, to protect the health
insurance coverage of employees and their next of kin in case of a change of workplace or retrenchment.
With the widespread use of electronic data exchange, HIPAA also made provisions for health care
providers, insurance companies and employers to conform to national standards in electronic health care
transactions, so as to maintain a high level of security. However, since the integrity of data is put at risk by
technological enhancements, the HIPAA healthcare act has transaction and code rules besides a
number of standards and guidelines for organizations to maintain the privacy and security of sensitive
Though considered a boon to the security of healthcare information, these regulatory systems also present
entities with a number of challenges. The use of compliance management software developed by
experts in the field will help organizations streamline and automate compliance initiatives. Further,
organizations have also made use of smart cards to identify who is accessing electronic documents. Such
a holistic, enterprise-wide approach is needed for effective controls.
Conformance to HIPAA/HITECH regulatory controls ensures information security and healthcare
regulatory compliance. These Acts address security and privacy issues in the healthcare industry.
HITECH applies to business associates too. Under its provisions, business associates are also
accountable for any data breaches and face penalties for non-compliance.