With the recent changes in HIPAA, breaches of healthcare records, new and higher penalties from the OCS, and now random audits by the OCS, HIPAA compliance has become more important for healthcare companies. As information security professionals, we may be called upon to conduct a HIPAA-based security risk assessment or to assist practices or their third-party vendors in becoming compliant with HIPAA.
But what does HIPAA entail? What is expected? Is it the same as what is expected in other areas, or are there differences? And what about some of the strange terms used, such as covered entity and business associate? What do they mean? We will go over the basics of HIPAA, the safeguards that make it up, and the terms and terminology that surround it. While you won't become a HIPAA expert overnight, you will have a better understanding of what it is and be in a better position to assist healthcare organizations in being more secure.