Health Insurance Portability and Accountability Act
US federal law that regulates personal medical data protection.
HIPAA
Приведение в соотвествие требованиям HIPAA
Ask a question to our experts
E-mail us to get consultation on HIPAA
Or call by phone: (044) 332 01 17
Requirements of the Law are divided into three sections:
The Privacy Rule
Privacy practices - is a set of federal standards that provide patients with access to their medical records and enable them to control how their data is used and disclosed.
The Security Rule
Security Procedures - defines standards for the implementation of basic guarantees for the protection of electronic personal medical data. Describes a set of administrative, physical, and technical measures to be taken to protect data.
The Breach Notification Rule
Data breach notification procedure - requires organizations that are subject to the Privacy and Security Rule to notify the government, citizens and, in some cases, the press, about cases of leakage of unprotected personal medical data.
About HIPAA standart
General information about the standard
HIPAA (Health Insurance Portability and Accountability Act) - Federal Law, adopted in 1996 and significantly improved in 2013, which specifically regulates the protection of personal medical data.
Who should comply?
Individuals and organizations in the field of health (Covered Entity). After the adoption of the latest amendments in 2013, organizations that are not related to health care, but provide services related to the processing, storage or transmission of personal medical data ( Business Associates).
How to comply?
To comply with legal requirements, organizations that process, store, or transfer personal health information must:
Take all necessary administrative, physical and technical measures to protect personal health data
Ensure staff are aware of the legal requirements and their obligations to protect personal medical data
Develop and implement procedures for working with data, their backup and providing access to them in case of emergency
Sign a supplementary agreement (Business Associate Agreement), which separately stipulates the responsibilities for the protection of personal medical data, with all contractors who will be involved in the provision of services related to data
Provide data leak notification procedure
Our approach to implementation of HIPAA
Methodology
Our methodology allows to introduce a set of measures to ensure compliance in a short time and without high labor costs on the part of the Customer.
Compliance Control consultants have experience in successful projects to bring HIPAA requirements to companies that operate in the US market.
Documentation
We will help develop the necessary documentation in accordance with the specifics of your organization. Draft documents will be announced in Russian, Ukrainian or English (at the request of the Customer)