Jim Gill, Hanzo: HIPAA Compliance & the Role of Enterprise Information Archiving


Extract from Jim Gill’s article “HIPAA Compliance & the Role of Enterprise Information Archiving”

Most people have heard of the Health Insurance Portability and Accountability Act (HIPAA), so it’s not surprising that companies dealing with digital health information have to be HIPAA compliant. To comply, they must keep any protected health information (PHI) confidential, secure, and available when it is stored or transmitted. HIPAA also requires healthcare providers to implement safeguards protecting PHI against cyber threats, security breaches, and other improper use of health data.

However, today’s websites contain increasingly complex and interactive elements, and stores of unstructured data from collaboration apps and other SaaS platforms are growing quickly. Understanding how regulations such as HIPAA affect your organization is therefore a vital first step in making sure your website and digital channels comply with archiving and preservation requirements.

What is the HIPAA Security Rule?

Under the HIPAA Security Rule, organizations must:

  • Ensure the confidentiality, integrity, and availability of all electronic PHI they create, receive, maintain or transmit
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information
  • Protect against reasonably anticipated, impermissible uses or disclosures
  • Ensure compliance by their workforce


ACEDS