Do You Have to Follow the HIPAA Enforcement Rule?

HIPAA Enforcement Rule

Look within the pages of regulations that comprise the Health Insurance Portability and Accountability Act, and you will find a variety of rules, standards, and guidelines.

One of these rules is the ominously named HIPAA Enforcement Rule. What is the HIPAA Enforcement Rule, and how does it apply to your organization?

HIPAA Enforcement Rule Summary

It may help to look at the purpose of HIPAA and who must follow the provisions of the law. The primary focus of the law is to ensure the privacy and security of patients’ protected health information (PHI) in both physical and electronic formats (ePHI). This includes providing patients the right to access their PHI and control its use.

The law defines standards that must be met to achieve HIPAA compliance. Four rules define the standards of compliance:

The HIPAA Privacy Rule

This rule requires covered entities such as medical providers, health insurance companies, and health information clearinghouses to protect PHI. The rule mandates that guidelines be in place to protect the privacy of patient health information. It also requires limits and conditions on the use of PHI, controls for access to PHI, and limits on the disclosure of PHI.

It also guarantees that patients have the right to access their medical records, including PHI, to have copies of their records, and to correct errors found. Covered entities must have written HIPAA policies and procedures to fulfill all of the requirements of the Privacy Rule.

The HIPAA Security Rule

This rule sets the security requirements and standards to protect PHI and ePHI when it is transmitted and stored. Both covered entities and business associates (companies that perform services for covered entities that require them to possess patient PHI) must meet the requirements of the Security Rule, including:

  • Physical safeguards – Physical security such as access control security.
  • Technical safeguards – Protecting electronic data by using encryption.
  • Administrative safeguards – PHI protection, management, and storage policies and procedures.
