The Health Insurance Portability and Accountability Act or HIPAA is a federal law which is enacted in 1996 to change the way for the patient health care information is handled and protected.

1. The Health Insurance Portability and Accountability Act or HIPAA is a federal law which is
enacted in 1996 to change the way for the patient health care information is handled and
protected. This law is considered as the most significant healthcare legislation since
Medicare in 1965. HIPAA comprises several policies which every healthcare entity should
follow to ensure the safety of the patient healthcare information and also to streamline the
administrative process. One of the most important parts of HIPAA was the creation of the
Security Rule.
The security rule is created to improve the security of the patient healthcare information.
The security rule created guidelines for dealing with three different kinds of information and
created three kinds of safeguards that every covered healthcare entity and business
associates must have.
These three safeguards include:
Administrative
This portion of the rule is designed and developed to help organizations to streamline their
administrative processes. This portion contains complete guidelines to help the covered
entities and business associates to comply with the HIPAA. In order to become HIPAA
compliant, an entity may have a written set of HIPAA security ploicies, have evidence
that their employees are trained and understand how to handle the protected healthcare
information or to appoint a trained officer to enforce all the rules. The written policies must
cover all the aspects of handling the patients’ healthcare information. They should have an
effective plan to ensure the security of protected healthcare information in both electronic
and written form.
Understanding different types of HIPAA security policies

2. Technical
This portion of the rule comprises all the technical aspects of security in handling the access
of the PHI (protected healthcare information) to the computers. It not only covers the
security of the stored data, but also the data transmittal within or beyond the network of
the covered entities. This rule comprises guidelines to ensure the security of the data from
outside intrusion, assuring the authenticity of PHI stored within the network, creating the
requirements for data encryption during transmission and other things which help
organizations to run their operations as per the HIPAA guidelines.
Physical
This portion of rule focuses on how to ensure the safety of PHI while maintaining the flow of
information for offering the excellent healthcare services. The rule contains guideline about
who can access the patient personal healthcare information or who cannot. Besides this, it
also covers subjects like visitor policies, security systems and maintenance records and
policies.
Supremus Group LLC
855 SE Bell Ct, Suite 300
Waukee, IA 50263
Phone Number: (515) 865-4591
Email: Bob@hipaatraining.net