Before discussing HIPAA compliance software, let us look at where it comes from. HIPAA stands for Health Insurance Portability and Accountability Act (note that's HIPAA, not HIPPA). Enacted in 1996, it introduced a number of reforms to the American healthcare industry. It has since been viewed as an issue of considerable importance to the health industry even outside the United States, with regard to its demands for the protection of patient privacy. Following the act, the HIPAA Privacy Rule was issued by the U.S. Department of Health and Human Services to facilitate implementation of the privacy-related aspects of the act. Even though the Privacy Rule covers only a part of the HIPAA Act, it is the part that has received the greatest attention, and the terms 'Privacy Rule' and 'HIPAA Act' are often used interchangeably.
So What's HIPAA Compliance?
Compliance has become a familiar term since the turn of the millennium, yet many people are still not quite sure what it means. But it's really quite simple. Compliance is nothing more (or less!) than meeting requirements - and it's always with regard to a specific source - normally a law like HIPAA or SOX or an international standard like ISO or PCI-DSS. In other words, compliance means doing what that law or standard states you need to do. Achieving HIPAA compliance entails implementing a comprehensive set of procedural controls, including the creation and maintenance of a 'HIPAA policy'.
HIPAA Compliance Software to Help Achieve Compliance
There are no 'instant solutions' available to a healthcare institution for meeting HIPAA compliance requirements. However, privacy is linked to data security, and this is an area where technology can certainly assist in achieving the goal. Bsafe Information Systems produces a range of regulatory compliance software that addresses many specific HIPAA requirements.
HIPAA Compliance Software and Administrative Safeguards
The Privacy Rule Amendment §164.308 - 'Administrative Safeguards' states a number of requirements that can only realistically be achieved through the implementation of appropriate software. For example, you are required to implement measures to reduce potential risks and vulnerabilities to sensitive information in your systems to a 'reasonable and appropriate level'. The same section goes on to state the need for regular reviews of information system activity, such as security incident tracking reports, audit logs and access reports. These things can hardly be achieved through procedural controls alone without some kind of HIPAA compliance software to make such information available.