What is HIPAA & Why & Who Needs To Comply?

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. Accordingly, the Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form.

Who is Covered by the HIPAA Security Rule?

The Security Rule applies to health plans, health care clearing houses, and to any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA and to their business associates.

What Information is Protected under the Security Rule?

The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI) which is all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule does not apply to PHI transmitted orally or in writing.

How does LuitBiz DMS help you become HIPAA compliant?

Section

What it means

How LuitBiz DMS helps

§164.306(a)(1): Standard: Access control

Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4).

LuitBiz DMS provides role-based account access and security that ensures that only those individuals with proper authorization can access certain kinds of sensitive information.

§164.306(2)(i): Unique user identification

Assign a unique name and/or number for identifying and tracking user identity.

Proper user ID and password administration capabilities of LuitBiz DMS ensures that all users are uniquely identified and that their passwords are sufficiently secure and periodically changed.

§164.306(2)(iii): Automatic logoff

Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.

The automatic log-off capabilities of LuitBiz DMS secures your sensitive data in case someone leaves a workstation unattended.

§164.306(2)(iv): Encryption and decryption

Implement a mechanism to encrypt and decrypt electronic protected health information.

All documents stored in LuitBiz DMS are encrypted using AES-256 technology for enhanced security and decrypted while rendering the documents in the software.

§164.306(b): Standard: Audit controls

Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

LuitBiz DMS provides complete time-stamped audit trail of who has accessed the records and when and also what activities have been carried out on the records.

§164.306(c)(2): Implementation specification: Mechanism to authenticate electronic protected health information

Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.

LuitBiz DMS requires users to enter two passwords to approve any type of document collaboration. The first password is the login password and the second password is an approval password.

§164.306(e)(1): Standard: Transmission security

Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

LuitBiz DMS provides all of these document transmission security features where only persons with the correct access rights are able to view the secured health records.

§164.306(e)(2)(i): Integrity controls

Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.

LuitBiz DMS provides complete control to the document group leaders to oversee document modification. Document lifecycle management feature of LuitBiz DMS ensures that proper procedures are followed before a document reaches its end of life and is deleted from the system.