The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the main federal law that protects health information. The HIPAA Privacy and Security Rules protect the privacy and security of individually identifiable health information. HIPAA Rules have detailed requirements regarding both privacy and security.

The privacy and security of patient health information is a top priority for patients and their families, health care providers and professionals, and the government.

Federal laws require many of the key persons and organizations that handle health information to have policies and security safeguards in place to protect your health information - whether it is stored on paper or electronically.

The HIPAA Privacy Rule covers protected health information (PHI) in any medium, while the
The HIPAA Security Rule covers electronically protected health information (ePHI).

HIPAA Risk Assessment and Remediation Services

According to HIPAA, all such data, including credit cards, is considered Protected Health Information (PHI), and any organization that collects such data is required to keep it as secure as possible. Though the possibility for sensitive data loss varies from company to company, performing a HIPAA risk analysis allows any organization to identify weak spots and begin making plans to ensure data security.

Why HIPAA Risk Assessments are Necessary

The Department of Health & Human Services (HHS) requires all organizations it covers to conduct a HIPAA security risk analysis. By performing this HIPAA security assessment, an organization can ensure it is compliant with HIPAA's administrative, physical, and technical safeguards and other requirements. Some of these safeguards and requirements include:

Assigned security responsibility
Information access management
Security incident procedures
Facility access controls
Device and media controls
Audit controls
Person or entity authentication
Requirements for Group Health plans
Policies, procedures, and documentation requirements

The full list of HHS security standards, including detailed safeguards and requirements, can be viewed here. Through performing a HIPAA security assessment, organizations can identify gaps in compliance, respond to immediate risks, and take preventative measures to protect against future risks.

While the HHS Security Standards Guide outlines components of risk analysis, the guide can be intimidating or difficult to fully understand.