The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is designed to protect health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
The Health Insurance Portability and Accountability Act regulates health care providers’ management of protected health information (PHI), which includes medical records and payment histories. These regulations cover a broad range of administrative, technical and physical security measures. Regulated entities must maintain strict control over employees’ computer access to electronic PHI (EPHI) and ensure that historical EPHI is stored in a format with which no employee can tamper. IT should maintain written records of all configuration settings and changes. Audits should be performed routinely, along with documented risk analysis and risk management programs.
The Health Insurance Portability and Accountability Act requires health care providers and hospitals to retain and protect patient information for 6 years, or for 2 years after the patient's death.