Various standards or regulations make up the Health Insurance Portability and Accountability Act (HIPAA), which can be used to monitor compliance. The HITECH Act and the Transactions and Code Set Standards, Identifier Standards, Enforcement Rule, Omnibus Final Rule, and Privacy, Security, and Breach Notification Rules are all parts of the HIPAA Rules.

The HIPAA Privacy Rule establishes national standards for protecting patient medical records and other protected health information (PHI) and the use and disclosure of PHI. For the confidentiality, integrity, and availability of electronically protected health information, the HIPAA Security Rule requires protections (ePHI). According to the HIPAA Breach Notification Rule, the U.S. Department of Health & Human Services (HHS), affected individuals, and, in some circumstances, the media must all be notified of a breach of unprotected PHI. Business associates and covered entities are subject to HIPAA Rules.

Organizations that work in or with the healthcare sector or have access to protected health information (PHI) must be familiar with the HIPAA Rules and follow their requirements. Following the HIPAA Rules will help ensure that a company maintains the security and privacy of a patient’s PHI and is ready to notify the necessary parties and institutions in the event of a non-compliance.


See Scrut in action!