Health Insurance Portability and Accountability Act

Country:

USA

Applies To:

Healthcare industry covered entities: health plans, healthcare clearinghouses, healthcare providers

Regulatory Body:

Department of Health and Human Services

Summary:

The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information.

The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to ensure the confidentiality, integrity, and availability of protected health information.

Documentation required by the rules (policies, procedures, and records of required actions, activities and assessments) must be retained for 6 years from the date of its creation or the date it was last in effect, whichever is later.

Penalties:

Criminal penalties for knowingly obtaining or disclosing individually identifiable health information range up to a $250,000 fine and 10 years' imprisonment; the top tier applies to offenses committed with intent to sell, transfer or use the information for commercial advantage, personal gain or malicious harm. Civil monetary penalties are assessed separately by the Department of Health and Human Services.

KOMpliance and Health Insurance Portability and Accountability Act Requirements

Records and Compliance Reports (Privacy Rule, 45 CFR Part 160)

45 CFR 160.308 Compliance Reviews
States that the "Secretary may conduct compliance reviews to determine whether covered entities are complying ..."

45 CFR 160.310(a) Responsibilities of Covered Entities.
"Provide records and compliance reports. A covered entity must keep such records and submit such compliance reports, in such time and manner and containing such information, as the Secretary may determine to be necessary..."
KOMpliance® solution
The files stored in KOMpliance are readily available and fully accessible to authorized users and applications, and can be copied to the media of choice as required by the Secretary. All indexing is created by the authoring and managing applications.
Data Backup Plan and Disaster Recovery Plan (Security Rule, 45 CFR Part 164.308 Administrative Safeguards)

45 CFR 164.308(a)(7)(ii) Implementation specifications:
  • (A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.
  • (B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.
KOMpliance® solution
Supports remote backup as well as offsite backup media to meet the HIPAA exact-copy requirement.
  • Can provide a completely duplicated remote system by provisioning the storage mirror at a remote site.
Responsibility for determining, documenting and enacting acceptable plans and procedures rests with the customer; a backup plan is only demonstrated by periodic test restores that confirm the copies are actually retrievable.
Retrievable Exact Copies of Protected Health Information (Security Rule, 45 CFR Part 164.310 Physical Safeguards)

45 CFR 164.310(d)(2)(iv) Data backup and storage (Addressable).
Create a retrievable, exact copy of electronic protected health information, when needed, before movement of equipment.
KOMpliance® solution
Fully supported. KOMpliance® fulfills this requirement by:
  • Supporting data replication and duplication to separate media
  • Supporting remote backup as well as offsite backup media
  • Providing a completely duplicated remote system by provisioning the storage mirror at a remote site
Encrypt Protected Health Information (Security Rule, 45 CFR Part 164.312 Technical Safeguards)

45 CFR 164.312(a)(2)(iv) Encryption and decryption (Addressable).
Implement a mechanism to encrypt and decrypt electronic protected health information.
KOMpliance® solution
Incorporates support for AES-256 encryption. Because this specification is addressable, the covered entity must still document its decision and its key management (where keys are held, who may use them, how they are rotated) alongside its risk analysis.
Prevent Alteration or Destruction of Protected Health Information (Security Rule, 45 CFR Part 164.312 Technical Safeguards)

45 CFR 164.312(c)(1) Standard: Integrity.
Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.
45 CFR 164.312(c)(2) Implementation specification: Mechanism to authenticate electronic protected health information (Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.
KOMpliance® solution
  • Writes are verified by hardware to ensure that the committed buffers are identical to what was written.
  • The final phase of the commit process validates the entire contents of the archive storage volume against the original contents.
  • KOMworx® creates a digital signature that is used to validate the archive volume contents against the original image.
  • KOMworx® provides a WORM digital signature validation capability, giving a complete validation of the accuracy of the recording process and corroborating the integrity of the contents.
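The integrity mechanism above (164.312(c)(2)) and the exact-copy requirements of 164.308(a)(7)(ii)(A) and 164.310(d)(2)(iv) come down to the same check: a tamper-evident record of what was written, against which a later copy can be compared. The Python below is an added example written for this page, not KOMworx® or KOMpliance® code. It stands in a keyed SHA-256 manifest (HMAC) for the product's WORM digital signature; the directory names, file names and record contents are constructed, and the key is assumed to be held somewhere the archive itself cannot alter.

```python
"""Added example (not KOM Networks code): corroborate that archived files have not
been altered or destroyed, and that a backup is a retrievable exact copy, using a
keyed (HMAC-SHA-256) manifest of per-file SHA-256 digests."""
import hashlib
import hmac
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large archive members are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _canonical(files: dict) -> bytes:
    # Sorted keys and no whitespace: the MAC must cover one unambiguous encoding.
    return json.dumps(files, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(root: Path, key: bytes) -> dict:
    """Digest every regular file under root (relative POSIX paths) and MAC the table."""
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"files": files, "mac": hmac.new(key, _canonical(files), "sha256").hexdigest()}


def verify_manifest(root: Path, manifest: dict, key: bytes) -> dict:
    """Check the manifest's MAC, then compare the tree under root against it.
    Returns which entries were modified, which are missing (destroyed) and which are extra."""
    expected = manifest["files"]
    manifest_ok = hmac.compare_digest(
        hmac.new(key, _canonical(expected), "sha256").hexdigest(), manifest["mac"])
    present = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    return {
        "manifest_ok": manifest_ok,
        "modified": [n for n in sorted(expected) if n in present and sha256_file(root / n) != expected[n]],
        "missing": [n for n in sorted(expected) if n not in present],
        "extra": sorted(present - set(expected)),
    }


def is_exact_copy(result: dict) -> bool:
    """An exact copy needs an authentic manifest and no modified, missing or extra files."""
    return result["manifest_ok"] and not (result["modified"] or result["missing"] or result["extra"])


def demo() -> dict:
    """Constructed scenario: archive -> manifest -> exact copy -> tampered copy -> forged manifest."""
    key = os.urandom(32)  # assumption: kept outside the storage being verified
    with tempfile.TemporaryDirectory() as tmp:
        archive = Path(tmp, "archive")
        (archive / "2012").mkdir(parents=True)
        (archive / "2012" / "patient-0001.txt").write_bytes(b"constructed sample record A\n")
        (archive / "2012" / "patient-0002.txt").write_bytes(b"constructed sample record B\n")
        manifest = build_manifest(archive, key)

        backup = Path(tmp, "backup")
        shutil.copytree(archive, backup)
        clean = verify_manifest(backup, manifest, key)

        # Alter one record, destroy another, and drop in a file the manifest never listed.
        (backup / "2012" / "patient-0001.txt").write_bytes(b"altered\n")
        (backup / "2012" / "patient-0002.txt").unlink()
        (backup / "2012" / "rogue.txt").write_bytes(b"x")
        tampered = verify_manifest(backup, manifest, key)

        # Rewriting the file table to match the altered record fails without the key.
        forged = {"files": dict(manifest["files"]), "mac": manifest["mac"]}
        forged["files"]["2012/patient-0001.txt"] = sha256_file(backup / "2012" / "patient-0001.txt")
        forged_result = verify_manifest(backup, forged, key)
    return {"clean": clean, "tampered": tampered, "forged": forged_result}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "exact copy" if is_exact_copy(result) else result)
```

The MAC over the manifest is what makes the check corroborate rather than merely compare: an attacker who can rewrite archived files can also rewrite a plain list of digests, but not one keyed with a secret the archive does not hold. The same verification run against a backup set is the test restore that demonstrates the copy is exact and retrievable.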
Protect Transmitted Information from Unauthorized Access (Security Rule, 45 CFR Part 164.312 Technical Safeguards)

45 CFR 164.312(e)(1) Standard: Transmission security.
Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.
45 CFR 164.312(e)(2) Implementation specifications:
  • (i) Integrity controls (Addressable). Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.
  • (ii) Encryption (Addressable). Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.
KOMpliance® solution
Incorporates support for AES-256 encryption. This standard concerns protected health information in transit over a network, so the covered entity should confirm that the paths between clients, the archive and any remote mirror are themselves encrypted and integrity-protected, not only the stored files.

Additional Information:

Covered Entities

HIPAA Administrative Simplification Statute and Rules

Copyright © 2012, KOM Networks, Inc.