HIPAA

HIPPA stands for Health Insurance Portability and Accountability Act. HIPPA was legislation that was enacted in 1996. It is a set of regulations issued by the US Department of Health and Human Services to help insure the privacy and security of individual identifiable health information..

PII is information which can be used to distinguish or trace an individual’s identity, such as their name, social security number (SSN), biometric records, etc. alone or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.

PHI is defined as any individually identifiable health information that is explicitly linked to a particular individual and health information which can allow individual identification. PHI also includes many common identifiers as name, address, birth date, and social security number.

HIPPA includes privacy, security and breach notification rules that protect the privacy and security of health information and provide individuals with certain rights to their health information.

The Privacy Rule, which sets national standards for when protected health information (PHI) may be used and disclosed.

The Security Rule, which specifies safeguards that covered entities and their business associates must implement to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI)

Confidentiality (only the right people see it)
Integrity (the information is what it is supposed to be there have been no unauthorized alterations)
Availability (the right people see it when it’s needed)

The Breach Notification Rule, which requires Urology of Indiana to notify affected individuals, U.S. Department of Health & Human Services (HHS), and in some cases, the media of a breach of unsecured PHI

Hackers and adversaries are constantly seeking PII and PHI for the purpose of committing health insurance fraud, identity theft, and other financial crimes. As an employee, you are a target because you have access to what the cybercriminals are looking for PII, PHI, financial, personnel, and patient medical information.