Home Offsite Backup Regulatory Compliance
Article Index
Regulatory Compliance
All Pages



The Health Insurance Portability and Accountability Act of 1996 imposes standards for the privacy and protection of all health information that can be linked to individuals. Health and Human Services (HHS) has published final HIPAA regulations that affect virtually every area of health-related organizations in the United States, from the one-physician office to hospitals, health systems, HMOs, health care support services, and others. Part of this act is focused on the secure storage and transmission of confidential patient data over computer networks. Privacy regulations were released in December 2000, made final on April 14, 2001, and went into effect in April 2003.

Non-compliance carries stiff civil and criminal penalties.

All health care organizations are affected in some way by HIPAA. The entities that are affected include all health care providers (even one-physician offices), health plans, employers, public health authorities, hospitals, life insurers, clearinghouses, billing agencies, information systems vendors, service organizations, and universities.

A broad definition of personal health information (PHI) includes - All individually identifiable health information in ANY form or media including subsets of health information such as demographics. The HIPAA privacy mandate defines who is authorized to access information (the right of individuals to keep information about themselves from being disclosed). HIPAA requires the ability to establish and maintain reasonable and appropriate administrative, technical, and physical safeguards to ensure integrity, confidentiality, and availability of the information.

Healthcare organizations are required to individually assess their security and privacy requirements and take suitable measures to implement electronic data protection (both while in transit and during storage).

If the data is processed through a third party (Rentavault Inc.), entities are required to enter into a chain of trust partner agreement. This is a contract in which the parties agree to electronically exchange data and to protect the transmitted data. The sender and receiver of data are required and depend upon each other to maintain the integrity and confidentiality of the transmitted information.