Health Insurance Portability and Accountability Act (HIPAA)

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that regulates the flow of health data of patients residing in the US. Organizations and companies that handle the health data of US residents need to comply with HIPAA. Under this Act, the Secretary of the U.S. Department of Health and Human Services (HHS) developed the HIPAA Privacy Rule and the HIPAA Security Rule:
  • The HIPAA Privacy Rule establishes national standards for the protection of electronic protected health information (e-PHI); and
  • The HIPAA Security Rule establishes security standards for the protection of e-PHI held or transferred in electronic form.

We help your organization comply fully with, and fulfil all the requirements of, HIPAA.

Application

  • The Security Rule applies to “covered entities”, which include health plans, pharmacies, radiology and electronic health records (EHR) labs, health care clearinghouses, laboratories and any health care provider.

Requirements

  • Ensure the confidentiality, integrity and availability of all e-PHI they create, receive, maintain or transmit.
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information.
  • Protect against reasonably anticipated, impermissible uses or disclosures.
  • Ensure compliance by their workforce.
  • Risk management of e-PHI.
  • Administrative safeguards: security management process, information access management, workforce training and management, and workstation and device security.
  • Technical safeguards: access control, integrity controls, transmission security, etc.

Non-compliance

The U.S. Department of Health and Human Services (HHS) may impose civil money penalties of up to $100 per failure, with an upper limit of $25,000 per year. Anyone who discloses or obtains information with malicious intent may face a criminal penalty of $50,000 and up to one year of imprisonment.

Our Approach

  • The HIPAA Security Rule applies to “covered entities”, which include health plans, pharmacies, radiology and electronic health records (EHR) labs, healthcare clearinghouses, laboratories and any healthcare provider.
  • We at Tsaaro ensure that your company or organisation fully complies with all the requirements set out under HIPAA, in order to safeguard against all potential threats to the security and integrity of the information.

How our privacy team can help

If your organisation is fully compliant with HIPAA:
  • It protects your organisation from hefty penalties for non-compliance.
  • It helps improve customers’ and investors’ trust in your organisation.
  • We at Tsaaro will ensure data protection by design for your organisation.

Why Us?

At Tsaaro, our privacy team comprises experienced lawyers and InfoSec professionals.

Together we ensure that your organisation is compliant with all regulatory requirements, along with the best possible technical and infrastructural solutions.

We provide personalised plans to our customers to inculcate data protection by design and by default in their processes in a cost-efficient manner.