A brief introduction to HIPAA Compliance

Published on : 20 Jul 2020


What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996. Also known as the Kennedy-Kassebaum Act, its primary objectives are to improve the portability and accountability of health insurance coverage, combat waste, fraud, and abuse in health insurance and healthcare delivery, and simplify the administration of health insurance.

What is HIPAA Compliance?

HIPAA Compliance refers to the process of adhering to the rules and regulations set forth by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This federal law outlines a series of regulatory standards for the use and disclosure of protected health information (PHI). Compliance with HIPAA is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR). Covered entities and business associates must follow strict guidelines designed to protect and secure PHI. The goal of HIPAA Compliance is to ensure the privacy, security, and integrity of PHI.


What is Protected Health Information?

Protected health information (PHI) is data or information about a patient or client receiving healthcare services. Common examples of PHI include names, addresses, phone numbers, Social Security numbers, medical records, financial information, and full facial photos, to name a few. PHI that is transmitted, stored, or accessed electronically falls under the HIPAA regulatory standards and is known as electronically protected health information, or ePHI.

Who needs to be HIPAA compliant?

The HIPAA regulation identifies two types of organizations that are expected to be HIPAA compliant.

Covered Entities:

As defined by the HIPAA regulation, a covered entity is any individual or organization that collects, creates, or transmits PHI, whether physically or electronically. Healthcare organizations and individuals that are considered covered entities include doctors, nurses, and insurance companies that have direct access to PHI.

Business Associates:

As defined by the HIPAA regulation, Business Associates are those that encounter or gain access to PHI in any way during work performed for a covered entity. A Business Associate can be any individual or organization working with a covered entity in a non-healthcare capacity, but they are equally responsible for maintaining HIPAA compliance. Since a wide range of service providers is involved directly or indirectly in handling, transmitting, and processing PHI, Business Associates can be anyone from billing companies, third-party consultants, IT providers, faxing companies, shredding companies, physical storage providers, cloud storage providers, email hosting services, attorneys, accountants, and administrators to many others who work in the healthcare industry and have access to PHI.

While covered entities and business associates are required to be HIPAA compliant, there are several challenges they may face in achieving and maintaining compliance. To learn more about these challenges and ways to tackle them, check out our blog on ‘HIPAA Compliance Challenges and Ways to Tackle Them’.

Also watch the webinar on HIPAA Basics.

How can VISTA InfoSec help organizations in achieving HIPAA Compliance?

VISTA InfoSec is a well-known Information Security Consulting Service provider in India. The company has a strong global presence, with offices established in the US and Singapore. With 16 years of experience and a highly competent team, VISTA InfoSec remains at the forefront in providing efficient Information Security Compliance services to clients across different industries. Among its many Compliance and Regulatory services (SOC2/PCI PIN/PCI DSS/PA DSS/ISO27001/CCPA/NESA/GDPR), the company also offers HIPAA Compliance services to clients in the healthcare sector. VISTA InfoSec has worked with some of the largest hospitals and healthcare providers globally to help protect their patients’ information and comply with the HIPAA Compliance Standard. The company has helped these organizations align their operations with the HIPAA Compliance Standard and safeguarded them from potential violations. Its team of experienced consultants provides full Compliance support and guidance throughout the process to ensure the organization is in line with the regulations. Their dedication and commitment to service make them a prominent player in the industry, offering effective HIPAA compliant solutions. To learn more about the company, you can visit the website www.vistainfosec.com

Narendra Sahoo

Narendra Sahoo (PCI QPA, PCI QSA, PCI SSF ASSESSOR, CISSP, CISA, CRISC, 27001 LA) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm based in the US, Singapore & India. Mr. Sahoo holds more than 25 years of experience in the IT industry, with expertise in Information Risk Consulting, Assessment, & Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services, which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2 Compliance & Audit, PDPA, and PDPB, to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.