Understanding Health Information Privacy

  • The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes. 
  • The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information.


Process Roadmap for HIPAA

A generalized questionnaire is sent to the organization in advance so that it can demonstrate its capability and existing compliance with HIPAA. The questionnaire is based on a unified methodology for gathering information that is also likely to be needed for other compliance requirements.
Based on the information received, a preliminary assessment is carried out and documented in a report and plan.
The evaluation starts with interviews of management and associated executives to assess risk management policies and the previous risk report. Proposed architectures are evaluated for alignment with HIPAA in accordance with its security domains. A sample of documentation and evidence is reviewed, tested, and validated. A high-level review of the key controls in place is performed, and gaps are identified with respect to privacy, confidentiality, and breaches. Feedback is provided on common “problem areas” under HIPAA and the HITECH Act. This is followed by a remediation plan.
A comprehensive report with a positive outcome is followed by a HIPAA attestation report.