Gazelle Consulting

What is the Purpose of HIPAA?


HIPAA compliance can be confusing and daunting. Is it HIPAA or HIPPA? Do I need to be HIPAA compliant? Who enforces HIPAA? If you’ve been asking “what is the purpose of HIPAA?”, then you’ve come to the right place.

HIPAA was created to regulate patients’ rights to privacy

Prior to its establishment in 1996, patients’ personal health information (PHI) could be used for abuse and discrimination. Before HIPAA, you could be fired based on your medications or diagnosed conditions! Luckily, we’ve come a long way from this. HIPAA is a critical part of patient care to this day. However, it isn’t taught in detail in medical school or related programs. Now that HIPAA is in place, patients have the right to:

  • Know how their PHI is accessed and who can access it
  • Receive a copy of their information
  • Designate their personal representatives
  • Request special privacy protection for PHI
  • Make changes to their PHI
  • Access the PHI of their children if they are under 18

In order to ensure that patients are effectively granted their rights to privacy and security, the HHS developed the HIPAA laws, which set forth standards for achieving common requirements of IT Security frameworks. The HIPAA Security Rule requires all organizations to protect the Confidentiality, Integrity, and Availability of PHI. This is referred to as the security triad or CIA, and is the basis of all IT security frameworks. The purpose of this approach is to ensure that providers and business associates have functional requirements that will guide their implementation of a HIPAA program that will protect patients’ rights.

Many organizations and companies, even outside of the healthcare industry, handle PHI and must therefore be HIPAA compliant. A small healthcare provider is held to the same standard as a large insurance company such as Blue Cross Blue Shield! It is critical that patients can trust their providers, and be treated with the respect, privacy, and care that is legally granted to them.

HIPAA In Your Organization

The purpose of HIPAA varies across different organizations of all sizes, and across industries. Any organization handling PHI must be HIPAA compliant, but other circumstances that require a compliance assessment include:

  • Preparing for an audit by the Office for Civil Rights (Spoiler! That’s who enforces HIPAA!)
  • Proving your compliance status to a client such as a hospital or insurance company
  • Preventing a security breach
  • Developing healthcare related software or services
  • Winning work in the healthcare industry

When implementing a HIPAA compliance program, it’s important to take time in advance to consider the purpose HIPAA compliance will serve for your company. The security and privacy requirements that are associated with HIPAA compliance can have a positive impact on your organization beyond all the paperwork — having a developed security program will help mature your company’s operations and protect your data.

Does your organization handle PHI? Do you know what your risks are? Are you sure you are HIPAA compliant?

Gazelle Consulting is here to help! We offer a full range of services, including PHI risk assessments, security implementation, and protection from data breaches, for any size business!

Shoot us an email at or give us a call at (503) 389-5666!
