Privacy protection, particularly in the world of healthcare, remains a primary concern for health plans, patients, and their families, especially as more systems and technology platforms compromise records. One of the most notable patient protection laws is the Health Insurance Portability and Accountability Act (HIPAA). From reducing healthcare fraud to protecting insurance after changing a job, it covers many guidelines and mandates to protect patients.
In 2003, the national data privacy rule was issued under HIPAA, which gave several individual rights to protected health information (PHI). That same year, a security rule began that sets standards for safeguarding electronic healthcare information. These guidelines help health-centered organizations like health plans and hospitals stay ahead of cyber attacks and various other threatening spyware, and are critical to the safety of those within their systems.
While many of the changes and regulations under HIPAA have started to pave the way for new levels of patient security, there is still a lack of implementation and clarity. For example, although health care providers generally seek patients’ permission to disclose their information to submit health insurance claims, the HIPAA privacy rule allows disclosure of PHI without authorization for “treatment, payment, or health care operations.” This provision creates a significant risk of confidentiality breaches.
These issues are why the recent protections are so important right now.
HITRUST, or the Health Information Trust Alliance, was founded in 2007 to help organizations in all sectors, but particularly healthcare, effectively manage data, information risk, and compliance. The HITRUST Certification (by the HITRUST Alliance) enables vendors and covered entities to demonstrate compliance with HIPAA requirements based on a standardized framework. With the intent to provide an option for the healthcare sector to address information risk management across a matrix of third-party assurance assessments, HITRUST aims to consolidate, reduce, and in some cases, eliminate the need for multiple reports.
This alliance offers an assessment called the HITRUST Common Security Framework (CSF), which serves as a roadmap to data security and compliance. It is a standard that security assessors can certify against, designed as a risk-based approach to organizational security, as opposed to a compliance-based approach, and it combines aspects from common security frameworks like ISO, NIST, PCI, and HIPAA.
When it comes to your privacy, there is a lot to consider, as a range of variables and unknowns within the regulations and laws still exist. But some peace of mind may come from the fact that positive changes continue as companies work to better prevent these types of breaches and, ultimately, better protect those they serve.
Go here to learn what GA Foods is doing to protect your members' information, including our recent HITRUST CSF® Certification.