HIPAA
What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act (1996). For most of our clients, the section most relevant to compliance is HIPAA Title II. HIPAA Title II establishes national standards for the processing, privacy and security of non-electronic and electronic healthcare information (Protected Health Information (PHI) and ePHI, respectively). It covers, but is by no means limited to:
- what and with whom information can and cannot be shared;
- how information is recorded and stored to ensure standardization, enabling effective and efficient transfer within and between organizations;
- administrative, physical and technological safeguards to ensure the security of all ePHI;
- the need for each HIPAA-covered entity to have a unique, 10-digit, alphanumeric National Provider Identifier (NPI); and,
- the processes and requirements for investigations, penalties and hearings associated with HIPAA Title II compliance breaches.
What does HIPAA compliance look like?
All HIPAA-covered entities and their business associates must ensure the security of all ePHI at all times through the implementation of all required administrative, physical and technological safeguards. A “covered entity” is any health care provider (e.g. doctors, pharmacies, care facilities, psychologists, dentists), health insurance company, HMO or other “health plan” provider, or healthcare clearinghouse which transmits any health-relevant information electronically. A covered entity’s “business associate” is any person, company or other organization, or any of their subcontractors, that carries out tasks or provides services for a covered entity which involve the receipt, sending, use or disclosure of ePHI (e.g. laboratories, billing services, IT service providers, accountants and lawyers).
How can Pointe Solutions help you with your HIPAA compliance?
The team at Pointe Solutions is here to help you achieve and maintain HIPAA compliance by developing, implementing and documenting an information security program which ensures the proper protection of all ePHI held by your company and any relevant business associates. Achieving this involves several steps, including as-is/current state analysis, security gap analysis, preparation audits, technical tests and scans, and consulting and advice. We can help with as much or as little of this as you need, supporting you every step of the way to achieve and maintain compliance in an area that can initially seem overwhelming.