HIPAA (Health Insurance Portability and Accountability Act)
Page Information
Contents
HIPAA (Health Insurance Portability and Accountability Act)
HIPAA?
On August 21, 1996, the U.S. Department of Health and Welfare enacted the Health Insurance Portability and Accountability Act (HIPAA) to prevent patients' personal health information (PHI) from being disclosed without their own consent.
This can be applied to medical institutions and organizations that provide related services (cloud service providers, etc.) according to the collection and utilization of electronic information. The main goal is to ensure limited and secure use of the information needed to provide personal health information.
Information Protectable by HIPAA
The Privacy Policy (HIPAA) protects all “individually identifiable health information” possessed by covered entities or partners in any form or medium, whether electronic, paper or oral.
Individually identifiable health information includes the following information, including demographic data, name, address, date of birth, social security number, etc.
- • A person's past, present, or future mental health or condition
- • Provided Medical Services
- • Past, present, or future payments to provide healthcare to individuals
Subject to HIPAA
- • Health Plan: Individuals and groups (insurers, long-term care insurers, etc.) who provide or pay for medical services
- • Medical Service Provider: Any medical service provider of health information electronically, regardless of size
- • Healthcare Information Center: Groups that use and process non-standard information provided by other partners
- • Related business providers: Service providers for specific functions or activities or identifiable health information on their behalf
HIPAA Requirements
HIPAA requirements are categorized as administrative, technical, physical, and other.
- • Administration: establishment of information management procedures, etc.
- • Physical: Management of physical devices/places/systems for personal information protection, etc.
- • Technology: access and use of software and cloud, integrity assurance, etc.
- • Others: contracts with stakeholders, document management, etc.
HIPAA provides specific standards for the use of patients' medical information in medical organizations subject to privacy rules, and uses appropriate information to protect and prevent abuse of personal medical information.
Covered entities may be subject to fines through the U.S. Department of Justice or the Department of Health and Human Services if they do not comply with the requirements.
Necessity of HIPAA
- • Acquisition of reliability through meeting stakeholder needs
- • Implementation of a safe system through the establishment and operation of systematic information management procedures
- PreviousPharmaceutical Packaging Material Quality Management System Specification Standard 23.08.18
- NextTopic: misuse of "FDA Approved" statement and FDA logo 23.07.26
Comment list
There are no registered comments.