HIPAA Law in USA
HIPAA law in the USA is made up of three main rules: the Privacy Rule, the Security Rule, and the Breach Notification Rule.
HIPAA Privacy Rule
The HIPAA Privacy Rule governs the permitted uses and disclosures of protected health information (PHI). Under its minimum necessary standard, access to PHI must be limited to the minimum needed to perform a given job function.
HIPAA Security Rule
The HIPAA Security Rule requires organizations to implement administrative, physical, and technical safeguards that protect the confidentiality, integrity, and availability of electronic PHI (ePHI). In practice this covers measures such as workforce training and risk analysis, facility and device access controls, and technical controls like unique user identification, access control, audit logging, and encryption of ePHI in transit and at rest.
HIPAA Breach Notification Rule
The HIPAA Breach Notification Rule requires breaches of unsecured PHI to be reported. Affected individuals must be notified without unreasonable delay and no later than 60 days after the breach is discovered, and every breach must be reported to the Office for Civil Rights (OCR) at HHS. Breaches affecting 500 or more individuals must be reported to OCR within that same 60-day window and also to prominent media outlets serving the affected area; smaller breaches may be logged and reported to OCR annually.
How Does HIPAA Law in USA Apply Internationally?
So how does all of this apply to you if your business is not in the USA? Healthcare providers and other covered entities often rely on the services of international companies to run their practices efficiently, and businesses such as yours are known as business associates.
But how do you know if your business qualifies as a business associate?
If, in the course of the work you do for a client, you create, receive, maintain, or transmit their PHI on their behalf, or simply have persistent access to it, you are a business associate regardless of where your company is based. That means the client must sign a business associate agreement (BAA) with you, and since the 2013 Omnibus Rule you are directly liable under HIPAA for complying with the Security Rule and the applicable parts of the Privacy and Breach Notification Rules. Common examples of business associates include software providers, cloud service providers, web hosting services, website developers, and managed service providers. A pure transmission service such as an ISP, which only carries the data and has no persistent access to it, falls under the conduit exception and is not a business associate.