One of the most common questions we receive is how the two HIPAA regulations differ. Although the Privacy and Security Rules work together, they’re distinct and each has a unique purpose.
In a nutshell, the HIPAA Privacy Rule focuses on the rights of the individual and their ability to control their protected health information, or PHI. It allows practices to use the information for treatment, payment and other required functions, but otherwise it must remain confidential. This is an assurance that the information will be safeguarded from unauthorized disclosure. The Privacy Rule covers the physical security and confidentiality of PHI in all formats, including electronic, paper and oral.
The HIPAA Security Rule, on the other hand, deals only with the protection of ePHI, or electronic PHI, that is created, received, used, or maintained. Covered entities are required to implement adequate physical, technical and administrative safeguards to protect patient ePHI. Examples include lock and key, alarm systems, passwords and access control, computer backup, employee training and HIPAA policies. Keep in mind the Rule is designed to be flexible and scalable, so what's appropriate for one practice might not be adequate for another. What's not flexible is the requirement to implement all three safeguards.
Our HIPAA Security manual makes complying with the administrative safeguard portion painless with policies that address all implementation specifications outlined by the Security Rule.
Our 2023 HIPAA Systems include everything you need to get into compliance quickly and affordably. We have common-sense systems that include policies, employee training, forms, posters and toll-free phone support. We can offer even better pricing on our bundles.
Please don't hesitate to call us if you have any questions at 1-800-522-9308.