60 likes | 184 Views
Information Security in Real Business. HIPAA Compliance Fantastic Four Casey Ford Maninder Singh Ranger Olsom. Health Insurance Portability and Accountability Act. HIPAA was enacted by the U.S. Congress in 1996. Title I
E N D
Information Security in Real Business HIPAA Compliance Fantastic Four Casey Ford Maninder Singh Ranger Olsom
Health Insurance Portability and Accountability Act • HIPAA was enacted by the U.S. Congress in 1996. • Title I • Protects health insurance coverage for workers and their families when they change or lose their jobs. • Title II • Known as the Administrative Simplification (AS) provisions • Requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. • This is intended to help people keep their information private, though in practice it is normal for providers and health insurance plans to require the waiver of HIPAA rights as a condition of service.
HIPAA Title II: 5 Rules • Per the requirements of Title II, the HHS has promulgated five rules regarding Administrative Simplification • Privacy Rule • Transactions and Code Sets Rule • Security Rule • Unique Identifiers Rule • Enforcement Rule.
Privacy Rule • It establishes regulations for the use and disclosure of Protected Health Information (PHI). • PHI is any information held by a covered entity which concerns health status, provision of health care, or payment for health care that can be linked to an individual.
Security Rule • The Security Rule complements the Privacy Rule. • The Security Rule deals specifically with Electronic Protected Health Information (EPHI). • It lays out three types of security safeguards required for compliance: • Administrative • Physical • Technical • For each of these types, the Rule identifies various security standards, and for each standard, it names both required and addressable implementation specifications.
Security Problem • The insurance coverage information that a company manages requires a high degree of privacy and security. • In order to implement the appropriate levels of security to be in compliance with HIPPA, a company needs to fulfill many different requirements. • We will survey a an existing implementation’s effectiveness in meeting HIPPA requirements and determine what changes need to be made in order to make the company compliant.