The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996.
Title II of HIPAA, the Administrative Simplification provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
Let's have a look at the Security Rule. The HIPAA Security Rule has 3 focus areas, just like we discussed in the BS7799 article. They are:
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
The act contains 42 rules, which are classified into "Required" and "Addressable". 20 rules are marked as "Required" and 22 are marked "Addressable".
The rules marked as "Required" call for mandatory implementation, while the others are recommended for implementation. So if you are only looking at getting through the HIPAA Security audit, just implement the "Required" rules. But if you are looking at having a good Information Security Management System, it is suggested that you implement all possible rules defined in the act.