HIPAA Security Rule Compliance
healthcare, compliance, high impact
Tags:
Type
1st-Party
Key Roles
Risk Manager, CEO, CFO, Chief Risk Officer
Key Feature Aspects:
fair, easy, affordable, enterprise risk management
About this Use Case
LIVING DOCUMENT
Progress Updated Periodically
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information.1 To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form.
BreachRisk can help applicable organizations identify anticipated threats, verify the confidentiality of some of e-PHI, and anticipate possible disclosure incidents. It can also support the The Administrative Safeguards provisions in the Security Rule to providing risk analysis and supporting risk management.
Success Summary
Why BreachRisk™ is a good fit
BreachRisk directly satisfies the need to analyze risk and identify threats. It can also support verification of confidentiality. Healthcare organizations tend to be very resource-constrained, so the automated delivery of BreachRisk helps alleviate manpower concerns that might typically accompany satisfying the security rule.
Barriers or misconceptions
Many healthcare organizations don't know what they don't know. But also many tend to have a very high number of risks. Once risks are identified, the organization may struggle to take mitigation actions due to resource constraints.
Key outcomes
Healthcare organizations satisfy these HIPAA requirements easily, but - more importantly - they enter a new standard of care in identifying and avoiding breaches.
Discussion
We have customers actively engaged in this use case. We'll provide more information soon.
For more information about the HIPAA security rule, please reference this article from HHS.gov.