PHI, ePHI, Privacy, Security, HIPAA Security rules, HITECH act – struggling to grasp these terms and how these apply to you? You are not alone…

Healthcare Information Portability and Accountability Act(HIPAA) lays out sets of rules and guidelines that every covered entity and their business associate must follow to protect any sensitive patient health information and other medical information. Out of the five rules established by this act, 2 common ones: HIPAA security rules — deals with Protected Health Information (PHI) and establish how PHI can be disclosed to another party without patient authorization and HIPAA privacy rules — which deals with how Electronic Protected Health Information (ePHI) is created, stored, and transmitted.

Introduction of Health Information Technology for Economic and Clinical Health Act (HITECH) expands upon HIPAA and establish mandatory legal compliance requirements on top of obligatory ones for covered entities and their associates.

In this post, we will talk about HIPAA security rule, specifically technical safeguards, out of 3 established administrative, physical and technical safeguards. We will cover both administrative as well as physical safeguard in our subsequent posts. Feel free to submit your email if you would like to be notified back.

Technical safeguards defines the technology, policy and procedures to protect electronic protected health information. As these safeguards are highly technical, many small as well as large providers are unable to implement these without the assistance of healthcare information technology(HIT) consultant. Let’s explore through these requirement in the following infographic:

Embed This Image On Your Site (copy code below):

With the continuous advancement in mobile healthcare technology and widespread adoption of digital health, HIPAA compliance is becoming increasingly complex and presents unique set of challenges for healthcare organizations to ensure privacy and security of PHI.

As clinicians and patients increasingly using their mobile devices to communicate, transmission of ePHI is inevitable. Healthcare organization should review their workflow to implement guidelines to secure storage and transmission of ePHI.