What is HIPAA?

HIPAA is a set of regulations designed to protect the privacy of medical records, health insurance information and other sensitive personal health data. The rules have a wide range of impact on organizations in the health care industry, including physicians, hospitals, health care clearinghouses, and employer-sponsored health plans.

Unlike most other industries, the health care industry is highly regulated. In addition to federal laws, many state laws also apply. Consequently, it is important to understand what the rules are and how to comply.

When implementing a compliance program, you will need to map out your risk exposure and develop a plan to stay compliant. Having an experienced business attorney to guide you can help you do this.

Your organization will need to put in place an internal breach notification protocol. This should notify key employees and ensure that you have a good response in the event of a breach.

While your organization's ability to meet HIPAA compliance requirements will depend on a number of factors, robust monitoring can help you to minimize the impact of a potential data breach. For example, monitoring can enable you to communicate with your patients and train your employees on how to best protect their private information.

A violation of one or more HIPAA rules can result in penalties, including civil monetary penalties, up to 1.5 million dollars per incident. Additionally, certain violations of HIPAA can result in criminal penalties.

In order to be compliant with the HIPAA rules, your organization will need to implement a variety of policies and procedures. These should include policies regarding workstation and facility use, as well as tracking logs and audit reports. These documents will record the steps your organization takes to comply with HIPAA rules.