The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with
protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance.
Covered entities (anyone providing treatment, payment, and operations in healthcare) and business associates (anyone who has access to patient information and
provides support in treatment, payment, or operations) must meet HIPAA Compliance.
Is it your responsibility to ensure that your clinic is HIPAA compliant? Is it the doctor’s responsibility? What if you’re the IT guy? Is HIPAA your duty? What if you are just a janitor at a healthcare organization? The answer to all those questions is: every single person who interacts with patient health information in any way must protect it. That means if you:
Talk to patients directly
Give out prescriptions
Take blood pressure
Manage the firewall for a healthcare environment
Manage a database that holds patient data
Encrypt patient data on behalf of a provider
you are responsible for HIPAA and HIPAA violations. Employees may individually face charges if patient data is compromised, but that doesn’t mean providers are exempt from making sure the organization is HIPAA compliant.