Recent updates to HIPAA, the Health Insurance Portability and Accountability Act, were announced earlier this year. The Act has been part of the IT sector's history ever since its release in 2003. HIPAA started as a security rule in 2003 and was primarily targeted at health care professionals and the industry. The act aimed to bring about a paradigm shift in the security of health information, patient confidentiality, information integrity, and protection of all health information available online (ePHI). The HIPAA Omnibus Rule, debated this year, opened up new doors for HIPAA compliance initiatives. In this article, we look at the changes made to the act and report on their impact on IT security and health care professionals.
Updated HIPAA Definitions for ePHI:
The availability of electronic protected health information is one of the foremost objectives of the HIPAA act. The recent 2017 changes in HIPAA have updated the definitions of common terms under ePHI.
According to the new definition, encryption is an approach that involves the use of an algorithmic process to transform data into alternative forms that can only be accessed using a confidential decryption key. The chance of data compromise is low when data is encrypted.
Accessing data/information is the process of reading, writing, modifying, overwriting, and communicating data from one party to another.
According to the act, a technical safeguard is a collective term for all kinds of technology, policies, and protocols in place to ensure that there is controlled access to electronic protected health information.
A typical workstation could be a laptop, a personal computer, or any other electronic device that can perform a set of core functions and is able to store and analyze data from a particular environment.
Data breaches and the HIPAA Omnibus Rule
Prior to the establishment of the HIPAA Omnibus Rule, the two scientific communities involved, health care and IT security, debated the regulation and the premises that would constitute a data breach. This would help both communities understand when and how they should report a breach. While advocates argued that privacy is important and that any disclosure could mean a breach of private patient data, others argued that there should be a firmer premise for claiming a data breach: a significant loss to the individual, either financially or by other means.
The new Omnibus Rule affects IT professionals in different ways. Even with the problems related to business and to the maintenance and sharing of patients' electronic records, the security issues raised by the changes in HIPAA are manageable and not detrimental. From a security point of view, the updated ePHI policies on data breach classification are more structured and benefit both health care and IT security professionals.
References from: http://searchitchannel.techtarget