HIPAA stands for Health Insurance Portability and Accountability Act. It was founded in 1956 by the Department of Health and Human Services. It started in order to protect our most valuable information, which is our health. It applies to any business that has any relationship to health care, such as dentists, pharmacists, clinics, therapists, and many more. There are two specific types of information that HIPAA is involved with: PHI and PII.
PHI stands for Personal Health Information, which consists of cholesterol levels, diabetes, and much more.
PII stands for Personally Identifiable Information. This information consists of your Social Security number, your address, date of birth, mother's maiden name, and much more.
These documents need to be kept in separate files. This makes it harder to see which information belongs to whom, and access is granted on a need-to-know basis with some security in place. This is how the industry protects people's data from hackers or anyone who wants to use it in a negative way.
To gain access to EMR (Electrical Medical Records), your company must be HIPAA compliant. If your business uses a cloud service that holds the medical records, you can have a contract that spells out how they hold the information. This is called a BBA, which stands for Business Associates Agreement.
How is that information encrypted?
Data at rest: Data sitting on a server or network storage area, on a piece of physical hardware or a virtual machine. This information must be encrypted while sitting there.
Data in motion: Data that crosses a network. It is very important that this data is encrypted, especially if you are on a public network.
Both must be secured: the data cannot be in clear text; it must be encrypted. Use the 12 steps of PCI that we talked about before when it comes to becoming HIPAA compliant.
Make sure that the information is encrypted, because it is sensitive information. Having a patient's information stolen could cause huge fines.
Why is HIPAA so important?
Health care professionals handle sensitive information, and following the HIPAA regulations is very important. Having a patient's information stolen could kill the trust of that provider. A first-time offense could cost you $50,000, which could make a small company go out of business.
The truth is, being hacked is very possible for any business. So it is important that we all take the necessary steps to make sure our businesses are protected.