How Healthcare IT Teams Can Unify HIPAA Security and Privacy Regulations Using NIST
The Health Insurance Portability and Accountability Act (HIPAA) seeks to ensure that patients’ data, protected health information (PHI), is reasonably protected from both a privacy and a security perspective. As we have shifted into the digital age, healthcare providers have had to account for the rise of electronic protected health information (EPHI) and the wealth of new technologies available both to enhance the patient experience and to improve patient outcomes. While these technologies have made great strides toward their respective ends, they have also opened up many new opportunities for bad actors to attack organizations that store some of the most intimate information people can imagine.
The HIPAA Privacy Rule
According to the Department of Health and Human Services: “The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.”
In short, the Privacy Rule seeks to protect the confidentiality of PHI that a covered entity handles.
The HIPAA Security Rule
The DHHS states:...