HIPAA Security Risk Assessment
Simplification of HIPAA federal law and security impact
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law in the United States that safeguards sensitive patient health information. It applies to covered entities (such as healthcare providers, health plans, and clearinghouses) and their business associates. Compliance with HIPAA ensures the confidentiality, integrity, and availability of electronic protected health information (e-PHI).
HIPAA ensures the protection of sensitive health information while allowing necessary data flow for quality healthcare.
What are Covered Entities and Business Associates?
Covered Entities: These organizations directly handle people’s health information, and HIPAA requires them to protect it. Examples: doctors and hospitals, health insurance companies, pharmacies, etc.
Business Associates: These are outside companies or people who work with covered entities and perform tasks that involve handling or using health information. Even though they don’t directly provide healthcare, they still must follow HIPAA rules when dealing with health data. Examples: medical billing services, IT companies, accounting firms, etc.