
Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA), which entered into force in 1996, applies to anyone who handles protected health information (PHI) in the United States. Further, Title II of HIPAA requires businesses and organizations to safeguard patients’ essential and identifying health information.

HIPAA Compliance

HIPAA is a federal law that requires organizations to establish procedures to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.


Obligations & Consequences

The following are a few key obligations and consequences, flowing from HIPAA, for any organization to which these provisions apply:

  • The HIPAA Privacy Rule outlines the standards that covered health organizations (healthcare providers and insurers) must follow to protect patients’ PHI (protected health information). Covered entities may only disclose medical information with a patient’s written consent, unless complying with a court order or as necessary for patient care.

    • The Privacy Rule also gives patients the right to demand correction to mistakes in their record and requires covered entities to notify patients of their privacy rights and how their data is used.
    • The Privacy Rule also gives patients the right to access their PHI on request, and the covered entity must provide that information within 30 days.

Challenges

The following challenges, arising from the UCPA requirements, are currently being encountered by various organizations:

  • The organization collects massive amounts of data but lacks the capability to comply with the regulation's privacy and security rules.
  • Manually managing data mapping and inventory in order to provide adequate security based on the risk associated with the respective data collected.
  • Lack of a provision or process to properly destroy data, despite the fact that HIPAA mandates that data cannot be changed or destroyed in an unauthorized manner.
  • Organizations do not have a mechanism in place to generate records of assurance that provide proof of permanent deletion.
  • Locating and inventorying sensitive data before or after a breach in order to prove that no significant harm triggering the HITECH Act has occurred.

Solutions

  • Our AI-based, patented solution, TurtleShield DD (Data Discovery and Intelligence), discovers all personal and sensitive data in structured and unstructured data systems across on-premises and multi-cloud environments. It enables organizations to inventory and map their entire “data footprint”, enabling them to protect what matters most.

    Often, organizational silos between business and IT teams make it difficult to get a complete view of data flowing in and out, especially when shared with third parties or partners. TurtleShield DD automatically maps your “data sharing” to provide clear visibility and actionable insights.

5520 Research Park Drive, Suite 100 Catonsville MD 21228
+1 (833) 888-7853 (USA)
advisor@ardentsec.com