How the HIPAA Security Rule Affects Your Business
By Brian Shrift, HCISPP
When most business people think about HIPAA, they often write it off as applying only to those in the healthcare industry. However, even if you are not in the healthcare industry yourself, your business could be subject to HIPAA if you work with clients in the healthcare industry or if your clients work with clients in the healthcare industry.
If you work with hospitals, physicians, pharmacies, therapists, dentists, chiropractors or any other business that is considered a “Covered Entity” under HIPAA, you may be considered a “Business Associate” and subject to the HIPAA Security Rule. In addition, if your clients are considered Business Associates, you may also become a Business Associate, identified in the HIPAA rules as a “downstream vendor.”
If you are a Business Associate, either directly or as a downstream vendor, you must, among other things, comply with the HIPAA Security Rule (the “Security Rule”). The Security Rule’s primary objectives are to ensure the confidentiality, integrity and availability of protected health information (“PHI”). In plain English, the law was written to ensure that adequate safeguards are in place to protect patient information from unauthorized access and disclosure and from improper alterations or deletions, and to assure that it is accessible when needed.