The Department of Health and Human Services (HHS) outlines rules for the use and dissemination of personal health care
The HIPAA Administrative Simplification (AS) provisions define the rules and requirements for the privacy and security of information systems in health care. In Title II, the Department of Health and Human Services (HHS) outlines the rules for the use and dissemination of personal health care information.
These rules apply to persons including health plans, medical centers such as outsourced billing companies and community health information systems, and health care suppliers that transmit health information in a manner that is regulated by HIPAA. [Code of Federal Regulations, Title 45, Volume 1]
The Privacy Rule establishes rules for the use and disclosure of Protected Health Information (PHI). PHI is any information on health status, health care or payment for health care that could be related to a person. This includes any part of a medical record or payment history. [Code of Federal Regulations, Title 45, Volume 1]
The Security Rule deals specifically with electronic protected health information (ePHI) and requires administrative protection measures – policies and procedures to show clearly how the company will comply with the law on
Covered entities that outsource parts of their business processes to a trusted third party must ensure that their suppliers have also put a framework in place to comply with HIPAA. Companies typically gain this assurance through contract clauses stating that the vendor will meet the same data protection requirements that apply to the company. Steps must be taken to determine whether the vendor in turn outsources data processing functions to other providers, and to monitor whether the contracts and controls are in place.
A contingency plan should be in place for responding to emergencies. Covered entities are responsible for protecting their data and for having disaster recovery procedures. The plan should document data priority and failure analysis, testing activities and change control procedures.
Internal audits play a key role in HIPAA compliance by reviewing operations to identify potential security gaps. The audits should be both systematic and event-based.
To be HIPAA compliant, an online backup must meet all requirements of the HIPAA Security Final Rule of February 2003, which have to be met after 21st April 2005. You must ensure that the backup service exceeds the standards in the Security Rule by encrypting all data before it is sent over a secure SSL connection to the remote backup service. An effective solution is to have the key generated by the customer and known only to the client, and to make sure that the key is never transmitted to the server of the HIPAA compliant online backup service.
With a HIPAA compliant online backup provider, data should be stored encrypted on the server with military-grade encryption and should not be readable on the Internet or by the backup vendor or its employees. Make sure that the local backup client encrypts all data before transmission to the remote systems. The data is recovered by transferring it back to the local client, which decrypts it using the key.
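The client-side encryption flow described in the two paragraphs above, as an added example that is not code from the original page or from any backup product. It assumes AES-256-GCM as the cipher and Node.js as the client runtime; `remoteStore`, `newClientKey`, `backup` and `restore` are hypothetical names, an in-memory map stands in for the remote service, and the SSL transport is left out.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('crypto');

// Hypothetical stand-in for the backup vendor's storage. It only ever
// receives opaque blobs (nonce || tag || ciphertext), never key or plaintext.
const remoteStore = new Map();

// The 256-bit key is generated on the client and is never passed to the store.
function newClientKey() {
  return randomBytes(32);
}

// Encrypt locally with AES-256-GCM, binding the record name as associated
// data so a blob cannot be served back under a different name, then upload.
function backup(key, name, plaintext) {
  const nonce = randomBytes(12); // fresh per record; never reused with one key
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(name));
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  remoteStore.set(name, Buffer.concat([nonce, cipher.getAuthTag(), body]));
}

// Download the blob and decrypt on the client. A wrong key or a modified
// blob makes final() throw instead of returning altered data.
function restore(key, name) {
  const blob = remoteStore.get(name);
  if (!blob || blob.length < 28) throw new Error('missing or truncated blob');
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(name));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Constructed sample record, not real patient data.
const demoKey = newClientKey();
backup(demoKey, 'record-0001', Buffer.from('constructed sample: visit note'));
console.log(restore(demoKey, 'record-0001').toString());
```

Because the key exists only on the client, losing it makes every stored blob unrecoverable, so key escrow or an offline copy belongs in the contingency plan.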