Author: Joseph Jachimiec, Security Administrator
Looking for a HIPAA-compliant print and mail provider? Overwhelmed with the confusing HIPAA terms and security mumbo-jumbo? Look no further than this HIPAA cheat sheet.
Let’s take a quick look at HIPAA. By the end of this article, you should know enough HIPAA information to impress even me!
Let’s get to it…
In 1996, Congress passed the Health Insurance Portability and Accountability Act, otherwise known as HIPAA. In addition, Congress tasked the Office of Civil Rights (OCR) and the Department of Health and Human Services (HHS) with enforcing the new HIPAA laws.
The new HIPAA regulations not only enabled Americans to transfer health coverage between jobs but also detailed the requirements for businesses to protect our personal health information.
This same data protection is a priority for us at Nahan.
These days, it seems like there’s an infinite variety of data and information. For HIPAA purposes, sensitive data revolves around our private and personal health information.
In the HIPAA world, this personal health information is called Protected Health Information (PHI). When PHI is in digital format–when it’s electronically stored, accessed, or transmitted–it’s called electronic PHI or ePHI.
PHI and ePHI can include:
HIPAA specifies two types of organizations that handle PHI and ePHI, and thus must be HIPAA compliant: Covered Entities and Business Associates.
What’s the difference?
Covered Entities collect, create, store, and transmit PHI and ePHI. They are the first line of businesses that are “covered” by the HIPAA regulations, meaning they must follow the HIPAA laws and regulations to avoid fines and other disciplinary actions.
Covered Entities include:
Business Associates, on the other hand, are businesses that provide various services to Covered Entities. For example:
In the course of providing these essential services, Business Associates may encounter PHI and ePHI. Therefore, Business Associates must follow many of the same HIPAA rules and regulations as Covered Entities.
As hinted above, Nahan is a Business Associate to our Covered Entity customers, and we take the protection of their PHI and ePHI seriously.
In fact, we’re proud to be HIPAA Compliant!
No cheat sheet explaining the fundamentals of HIPAA would be complete without touching on the HIPAA Rules.
There are four main HIPAA rules. Lawmakers established these rules after the initial adoption of HIPAA in 1996. The rules clarify the older laws and set additional standards, especially for the protection of PHI and ePHI.
Here are the four HIPAA Rules summarized in true cheat sheet style!
The HIPAA laws and regulations are a confusing landscape. Breaking it down into bullet points can help with understanding the big picture: protecting PHI and ePHI.
Nahan is a trusted Business Associate and provider of HIPAA-Compliant print and mail services. We meet and exceed HIPAA requirements for protecting our customers’ PHI and ePHI.
If you are looking for a HIPAA-Compliant provider, contact us today!
Joseph Jachimiec is a security, IT, and marketing professional. As the Security Administrator at Nahan, he heads up our information security program and is the go-to guy for our customer/third-party security audits and PCI, SOC 2, and HIPAA compliance initiatives. In his spare time, he dreams about what it would be like to have more spare time.