HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was designed for healthcare organizations to safeguard the privacy of electronic health information and was later supported by a Privacy Rule and a Security Rule.

  • HHS published a final Privacy Rule in December 2000, which was later modified in August 2002. This Rule set national standards for the protection of individually identifiable health information by three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct the standard health care transactions electronically. Compliance with the Privacy Rule was required as of April 14, 2003 (April 14, 2004, for small health plans).
  • HHS published a final Security Rule in February 2003. This Rule sets national standards for protecting the confidentiality, integrity, and availability of electronic protected health information. Compliance with the Security Rule was required as of April 20, 2005 (April 20, 2006, for small health plans).

Who does it apply to?

HIPAA was intended to ensure that individually identifiable health information, or Protected Health Information (PHI), is protected by three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct the standard health care transactions electronically.

How can Socium Security help?

Socium Security can assist organizations with completing the risk assessment process using the Security Risk Assessment (SRA) tool, and with designing and implementing a security program based on the requirements of HIPAA.