HIPAA Rules

There are four rules designed to keep PHI safe and secure, and to properly notify affected parties in case of a data breach: Privacy, Security, Breach Notification, and Omnibus. The first three each cover a distinct area (permitted uses and disclosures of PHI, administrative/physical/technical safeguards for electronic PHI, and notification after a breach of unsecured PHI); the Omnibus Rule of 2013 amended the other three and, among other changes, made Business Associates directly liable for the requirements that apply to them.

By law, if you are a Covered Entity, you are required to be compliant with the Privacy, Security and Breach Notification Rules.

If you are a Business Associate, you are directly required to comply with the Security Rule, with the Breach Notification Rule (you must notify the Covered Entity when you discover a breach of unsecured PHI), and with the Privacy Rule provisions that apply to Business Associates (you may use or disclose PHI only as your agreement with the Covered Entity permits). In practice, a Covered Entity may only share PHI with you under a signed Business Associate Agreement (BAA), so if you’re working with a Covered Entity (or want to), you will need to show reasonable proof that you’re able to safeguard the PHI you receive, create, maintain or transmit on its behalf.

Pro Tip for Healthcare Startups: As a startup in the health space, it is important to keep the HIPAA regulations in mind. Identify whether your product performs a function or service on behalf of a Covered Entity, and then determine whether you create, receive, maintain or transmit any PHI in doing so. If both are true, you are a Business Associate: plan to comply with the Security Rule, put a BAA in place with each Covered Entity you serve, and meet the Breach Notification and Privacy Rule obligations that apply to Business Associates. Even if you fall outside the definition today, designing for the Security Rule early is far cheaper than retrofitting it once a Covered Entity customer asks for a BAA.
