Category: HIPAA

California Confidentiality of Medical Information Act vs. HIPAA


Patient health information is governed by rules that determine how it may be handled, stored, and accessed. Federal law, chiefly the Health Insurance Portability and Accountability Act (HIPAA), and a range of state laws together define patient rights. HIPAA sets the national baseline for protecting patient health information. Under the rule's "preemption" provisions, state laws that conflict with HIPAA and offer weaker privacy protection are preempted; states may, however, go beyond HIPAA and impose more stringent requirements. The California Confidentiality of Medical Information Act (CMIA) is one example, providing stronger privacy protection than HIPAA in several respects. Ordinarily, when a federal and a state rule conflict, the federal rule governs. But there is…

A HIPAA Physical Safeguards Risk Assessment Checklist


The HIPAA Physical Safeguards portion of a risk review focuses on the facilities, workstations, and devices and media where electronic Protected Health Information (ePHI) is stored and accessed. Where the Security Rule as a whole sets the security requirements and the technical safeguards address the technology, the physical safeguards address facility access and hardware protection. Healthcare providers, other covered entities, and business associates are expected to demonstrate compliance, both to regulators and to prospective customers who want assurance about their security posture. The road to HIPAA compliance begins with assessing security risk and the controls that mitigate it.

What is HIPAA? HIPAA was enacted in 1996, originally to let people keep health coverage as they moved from one job to another. The US Department of Health and Human Services (HHS) subsequently issued the Privacy Rule, which took effect for most covered entities in 2003 and defines Protected Health Information (PHI) as "any information held by…
