Regulatory compliance is a phrase that sends a shiver down the spine of even the most experienced network administrator. Ever since the Health Insurance Portability and Accountability Act or HIPAA was introduced in 1996, covered entities holding protected health information (PHI) or electronically protected health information (ePHI) have been under pressure to keep it safe.
Organizations that fail to keep this data safe face severe financial consequences, depending on their level of awareness. Annual HIPAA Fines can cost up to $25,000 for non-compliant organizations who had no knowledge of wrongdoing, $100,000 for those with reasonable cause, $250,000 for wilful neglect – corrected, and $1.5 million for wilful neglect – uncorrected (which would be adjusted for inflation).
Unfortunately, complying with the regulations isn’t a matter of filling out a few forms. The growth of cloud computing and the Healthcare industry’s struggle to prevent disclosure of patient data calls for a hands-on approach to network security and internal access controls.
In this article, we’re going to examine the HIPAA regulations and provide you with a HIPAA compliance checklist to help you stay on the right side of the regulations and protect patient’s protected health information.
What is HIPAA?
HIPAA was put in place to regulate the handling of protected health information. The act created industry-wide standards for data handling, cybersecurity, insider, access, and electronic billing. One of the most important regulations to emerge from the rules was that medical data must remain confidential.