THE RELATIONSHIP BETWEEN HIPAA SECURITY AND ECOMMERCE
HIPAA Security Rules
The Security Rule applies to covered entities: insurance providers, healthcare centers, and any healthcare provider who transmits health information in electronic form in connection with a business. The HIPAA Privacy Rule protects the privacy of individually identifiable health information, known as protected health information (PHI), as described in the Privacy Rule. The Security Rule protects a subset of the information covered by the Privacy Rule: all individually identifiable health information that is created, received, maintained, or transmitted in electronic form (e-PHI).
The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI. Specifically, covered entities must:
- Ensure the confidentiality, integrity, and availability of all e-PHI that they create, collect, maintain, or transmit
- Shield against reasonably anticipated unauthorized uses or disclosures of sensitive data
- Identify and protect against reasonably anticipated threats to the security or integrity of the information
- Ensure compliance by their workforce
The Security Rule states that "confidentiality" means that e-PHI is not accessible or disclosed to unauthorized persons. The confidentiality requirements of the Security Rule support the Privacy Rule's prohibitions against inappropriate uses and disclosures of PHI. The rule also promotes two further goals: maintaining the integrity and the availability of e-PHI. "Integrity" under this rule means that e-PHI is not altered or destroyed unlawfully. "Availability" under the Security Rule means that e-PHI is accessible and usable on demand by an authorized person.
Covered entities range from the smallest provider to the most extensive multi-state health plan. Each is solely responsible for providing security on its HIPAA website, patient portals, and HIPAA-compliant mobile apps. This is why the Security Rule is flexible and scalable: it allows covered entities to evaluate their own needs and implement solutions suitable for their specific settings.