Understanding HIPAA Compliance

www.cognoscape.com

2 | Understanding HIPAA Compliance | cognoscape.com

Understanding HIPAA Compliance

Upholding the privacy and security of protected health information (PHI) and

personal health records (PHR) continues to be a challenging issue for healthcare

providers in the US. HIPAA, which stands for the Health Insurance Portability &

Accountability Act of 1996, is a Federal law that created national standards to

protect patients’ medical records and data. As a healthcare provider, it’s your duty

to ensure your organization stays up to code on all the latest HIPAA rules and

regulations. Not doing so can lead to heavy penalties, the loss of patient trust, and

an increased risk to data breaches.

Cognoscape can help you reach and maintain HIPAA compliance with ease. By

assessing your vulnerabilities and implementing top-

notch security measures, you no longer have to worry

about the threat of non-compliance. Gain peace of

mind and uphold the reputation of your practice with

our partnership.

Consequences of Non-ComplianceThere are many drawbacks of non-compliance.

HIPAA violations are costly and, while the penalties of

non-compliance depend on your level of negligence,

they can range anywhere from $100 to $50,000

per violation – with a $1.5 million maximum penalty

for violating an identical provision within the same

3 | Understanding HIPAA Compliance | cognoscape.com

calendar year. The risks of non-compliance are wide and varied. From employee errors and

unencrypted PHI to data stored on devices and unreliable Business Associates – there’s no

telling what can happen to your sensitive patient data. In order to steer clear from potential

data breaches and non-compliance fees, it’s important to understand the components of

HIPAA compliance and determine where your organization stands.

4 Major Rules of HIPAA Compliance

Both Covered Entities and Business Associates must protect the privacy and security

of patient information. Covered entities are defined in the HIPAA rules as: health plans,

healthcare clearinghouses (such as a billing service or health information system), and

healthcare providers who electronically transmit any health information in connection

with transactions. A “Business Associate” is a person or entity that assists Covered Entities.

These entities perform specific functions and carry out activities that involve the use or

disclosure of PHI. It’s important to note that a member of the Covered Entity’s team is not

considered a Business Associate.

Now that you know the key differences between the

two and realize that importance of HIPAA compliance,

what’s next? There are 4 major HIPAA rules that you

will need to examine:

HIPAA Privacy RuleIssued by the US Department of Health and Human

Services (HHS), the HIPAA Privacy Rule provides the first

set of national standards to protect patients’ PHI. The rule

sets limits on how health care providers handle, discuss,

and disclose PHI without a patient’s consent. Additionally,

the rule facilitates the flow of health information

necessary to provide high quality healthcare while

protecting the privacy of individuals who need healing.

Cognoscape can help you reach and maintain HIPAA compliance with ease. By assessing your vulnerabilities and implementing top-notch security measures...”“

“

4 | Understanding HIPAA Compliance | cognoscape.com

HIPAA Security RuleThe HIPAA Security Rule provides standards for patient data

stored or transmitted digitally. With the rise of electronic

health records (EHRs) and electronic medical records

(EMRs), there has never been a more vital time to ensure

that patient data and your IT systems are HIPAA compliant.

HIPAA Enforcement RuleThe HIPAA Enforcement Rule contains provisions

that deal with how HHS providers calculate fines for

healthcare providers who have violated any HIPAA rules

following an investigation and administrative hearing.

HIPAA Breach Notification RuleThe HIPAA Breach Notification Rule requires Covered

Entities as well as their Business Associates to report and

provide notification following a breach of PHI. The Federal

Trade Commission has implemented similar provisions that

apply to vendors of PHR and their third-party service providers.

Maintain HIPAA Compliance with Cognoscape

Our security professionals here at Cognoscape are dedicated to providing your healthcare

organization with industry-leading security solutions – so you can achieve and maintain

compliance now and in the long run. Get in touch with us to learn how you can continue to

grow your practice while staying HIPAA compliant at all times.

In order to steer clear from potential data breaches and non-compliance fees, it’s important to understand the components of HIPAA compliance and determine where your organization stands.”

C o g n o s c a p e L LC

1 6 4 7 9 D a l l a s Pa r k w ay, # 2 3 0

A d d i s o n , T X 7 5 0 0 1

( 2 1 4 ) 3 7 7 - 4 8 8 4

c o g n o s c a p e . c o m