Importance of Staying HIPAA and HITECH Compliant
An integral part of IT security is managing regulatory compliance requirements efficiently. Security compliance
programs such as GLBA (Gramm-Leach-Bliley Act), HIPAA (Health Insurance Portability and Accountability Act)
and Sarbanes-Oxley change frequently. Most enterprises are therefore looking for a comprehensive
compliance framework that is both cost-efficient and effective.
If your organization is a medium or large medical provider, a hospital or a medical institution that works with
health care programs and handles protected health information (PHI), whether directly, indirectly or through
an intermediary, then it is a “Covered Entity” or “Business Associate” under the HIPAA/HITECH rules. Your
institution therefore needs to achieve and maintain IT security and compliance in line with the HIPAA and HITECH guidelines.
Healthcare providers and Business Associates alike must comply with HIPAA/HITECH policies today.
HIPAA came into existence to attain the following objectives:
To enhance the continuity and portability of health insurance coverage
To simplify the exchange of electronic data
To reduce cost through improved efficiency, effectiveness and standardization
To ensure that every personal health record is kept private and secure
HITECH (Health Information Technology for Economic and Clinical Health Act), on the other hand, came into force
in 2009 and amended HIPAA. HITECH offers specific incentives for the use of health records
and imposes strict breach notification requirements. It also made enforcement stricter, increased
penalties, and changed the liabilities and accountability of Business Associates.
HITECH also introduced its own definition of a security breach: “unauthorized acquisition, access, use, or disclosure of
protected health information, which compromises the security or privacy of protected health information— except
where an unauthorized person to whom such information is disclosed would not reasonably have been able to
retain such information”. To meet these compliance and security requirements, organizations should
implement appropriate controls that prevent unauthorized access to, and leakage of, sensitive patient data. This is
where compliance management solutions are needed to provide guidance and security for every medical activity.
An automated HIPAA compliance management solution should have the following features:
End-to-end security and compliance with real-time monitoring
Harmonization across multiple regulations
A “ready-to-use” packaged content, regulations, assessment questions, best practices and the capacity to
Provision of extensive reports, i.e. compliance and risk reports on demand
A single and centralized repository for all compliance related evidence
Easy to use and implement
Support for both HIPAA and HITECH regulations
Coverage of the requirements for Covered Entities (CEs) and Business Associates (BAs)
Today's HIPAA-compliant compliance management solutions include the security and IT-GRC (Governance, Risk
and Compliance) functions required to stay compliant. They provide an “easy to adopt” compliance
management framework and “ready to use” frameworks with context-based inference engines,
monitoring, alert processing, and logging capabilities.