Search in Boards

Search the entire site bulletin board

References

Contact Us

Tel. +82 2 6749 0701

AM 9:00 ~ PM 6:00

Saturday,Sunday,Holiday :
Days Off

02.6749.0711
info@igcert.org

Publication-English

IGC 홍보자료 배너
 

HIPAA (Health Insurance Portability and Accountability Act)

Page Information

profile_image
Writer igc인증원
Comment 0Times Lookup 1,853psc Date Created 23-08-04 10:55

Contents

HIPAA (Health Insurance Portability and Accountability Act)

HIPAA?

On August 21, 1996, the U.S. Department of Health and Welfare enacted the Health Insurance Portability and Accountability Act (HIPAA) to prevent patients' personal health information (PHI) from being disclosed without their own consent.

This can be applied to medical institutions and organizations that provide related services (cloud service providers, etc.) according to the collection and utilization of electronic information. The main goal is to ensure limited and secure use of the information needed to provide personal health information.

HIPAA (Health Insurance Portability and Accountability Act)< HIPAA (Health Insurance Portability and Accountability Act) >

Information Protectable by HIPAA

The Privacy Policy (HIPAA) protects all “individually identifiable health information” possessed by covered entities or partners in any form or medium, whether electronic, paper or oral.

Individually identifiable health information includes the following information, including demographic data, name, address, date of birth, social security number, etc.

  • •  A person's past, present, or future mental health or condition
  • •  Provided Medical Services
  • •  Past, present, or future payments to provide healthcare to individuals

Subject to HIPAA

  • •  Health Plan: Individuals and groups (insurers, long-term care insurers, etc.) who provide or pay for medical services
  • •  Medical Service Provider: Any medical service provider of health information electronically, regardless of size
  • •  Healthcare Information Center: Groups that use and process non-standard information provided by other partners
  • •  Related business providers: Service providers for specific functions or activities or identifiable health information on their behalf

HIPAA Requirements

HIPAA requirements are categorized as administrative, technical, physical, and other.

  • •  Administration: establishment of information management procedures, etc.
  • •  Physical: Management of physical devices/places/systems for personal information protection, etc.
  • •  Technology: access and use of software and cloud, integrity assurance, etc.
  • •  Others: contracts with stakeholders, document management, etc.

HIPAA provides specific standards for the use of patients' medical information in medical organizations subject to privacy rules, and uses appropriate information to protect and prevent abuse of personal medical information.

Covered entities may be subject to fines through the U.S. Department of Justice or the Department of Health and Human Services if they do not comply with the requirements.

Necessity of HIPAA

  • •  Acquisition of reliability through meeting stakeholder needs
  • •  Implementation of a safe system through the establishment and operation of systematic information management procedures

Comment list

There are no registered comments.