
Our Legal Obligation on Data Protection – HIPAA

Everything we do, from the method of storage to how our employees interact with data and the steps we take to ensure it complies with our obligations, is about protecting sensitive legal documents and patient information. We comply fully with the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

What Is HIPAA?

Passed by Congress in 1996, the Act addresses a number of issues in healthcare provision, such as what happens when a person loses their job, tax and administration. The Privacy Rule specified standards on how both hard copy and electronic data should be protected. In 2003, the Act was modified to include specific standards for electronic data protection (the Security Rule), and it is this element of HIPAA that is most relevant to what we do. The Privacy Rule and the Security Rule together define the legal obligations of all entities handling, collecting and storing patient data.

Legal Obligations of HIPAA

Information that is covered by the Security Rule and the Privacy Rule includes:

  • Any and all confidential information shared between medical professionals, or between any legal party, insurance provider and healthcare professional

  • Conversations, including hard documents and emails, that any doctor has with any patient about treatment and care

  • Any information stored in the computer systems of insurance companies that pertains to patient care and health provision

  • Billing information and details on financial transactions regarding a patient’s healthcare

  • Any other information about a patient and his or her medical care that is held for any reason by others who are required to follow HIPAA, including legal and government entities

Information on Data Storage and Protection

All organizations covered by these Rules of HIPAA are required to put safeguards in place that protect highly sensitive information about health and healthcare provision. They are required to limit access to employees on a “need to know” basis in order to maximize compliance with the Rules. Access to patient records and legal documents should be treated with the utmost security to ensure continued protection.

Adequate steps must be taken to protect data from electronic attack or “hacking”, and bodies are also required to train employees in the proper handling and protection of data: to retrieve only necessary data, and in its proper disposal. Records must not be removed from designated areas or from buildings under strict guidelines on protection.
