One of the most common questions we receive is to explain the difference between the two HIPAA regulations. Although the Privacy and Security Rules work together, they’re distinct and each has a unique purpose.
In a nutshell, the HIPAA Privacy Rule focuses on the rights of the individual and their ability to control their protected health information, or PHI. It allows practices to use the information for treatment, payment and other required functions, but otherwise it must remain confidential. This is an assurance that the information will be safeguarded from unauthorized disclosure. The Privacy Rule covers the physical security and confidentiality of PHI in all formats including electronic, paper and oral. Too often we see facilities that have forms like the Notice of Privacy Practices, but absolutely no policies in place.
The HIPAA Security Rule, on the other hand, only deals with the protection of ePHI, or electronic PHI, that is created, received, used, or maintained by a covered entity. Requirements include a risk assessment and policies that outline facility-specific safeguards used to secure ePHI. HIPAA was designed to be flexible and scalable, but it still requires all covered entities to have policies that list details like password management, data backup procedures, remote access, email protocol, facility access and more. Our 2019 HIPAA Security Manual walks you through all the required or addressable elements of the Security Rule, and afterwards you have custom policies specific to your facility.
Our 2019 HIPAA Manuals are completely up to date and make compliance affordable and easy. They include Policies, Employee Training, Risk Assessments, Forms, Posters and more. Don’t risk a HIPAA fine for having outdated materials or employee training any more. Not complying with the HIPAA Security and HIPAA Privacy Rules cost practices almost $20 million in fines last year. Getting compliant with these requirements doesn't have to be expensive or complicated. Call us today if you have any questions about our products or your obligations under HIPAA.