Health Insurance Portability and Accountability Act of 1996 (HIPAA) is United States legislation that provides data privacy and security provisions for safeguarding medical information. HIPAA requires healthcare providers – including doctors, clinics, hospitals, nursing homes, and pharmacies – to assess their administrative, physical, and technical safeguards to reveal areas where the organization’s information could be at risk.
HIPAA's primary goal is to assure that individuals' health information is appropriately protected while allowing the flow of health information needed to provide and promote high-quality health care. HIPAA rules are designed to strike a balance that permits important uses of information, while protecting the privacy of people who seek care and healing.
The Department of Health and Human Services requires all organizations handling protected health information to conduct a risk analysis as the first step toward implementing safeguards specified in the HIPAA Security Rule and ultimately achieving HIPAA compliance. Health and Human Services can impose significant monetary penalties for violations and failures to comply.
To be HIPAA compliant, you will have to make regular technical and non-technical evaluations of your efforts to protect health information and thoroughly document them. To make an app HIPAA compliant, you will most likely have to deal with these two categories of safeguards:
- Technical Safeguards: security measures such as login, encryption, emergency access, activity logs, etc. The law does not specify which technologies you should use to protect PHI.
- Physical Safeguards: measures that secure the facilities and devices that store PHI (servers, data centers, PCs, laptops, etc.).
The minimum list of features required to make an app HIPAA compliant includes: