Who falls under HIPAA jurisdiction?
The Health Insurance Portability and Accountability Act (HIPAA) is the U.S. policy that regulates the use, storage, and sharing of protected health information (PHI). HIPAA applies to covered entities, such as health care providers, insurance companies, and clearinghouses, as well as business associates, who are people and organizations that manage PHI but are not directly tied to patient care.
What are HIPAA compliance requirements for managing electronic personal health information?
HIPAA requires that organizations back up exact copies of documents and policies containing e-PHI for at least six years from their creation or the last day they were in effect. In terms of archiving requirements, data copies must be stored with integrity, in an immutable format. e-PHI additionally has to be made available to patients upon request and otherwise be accessible only by authorized personnel. For PHI protection, documents must have updated security settings, and all actions taken on documents must also be captured in an audit log. For a complete view of HIPAA compliance requirements, refer to their website.
ZL Tech for Compliance and Supervision
Learn how ZL Tech exceeds regulatory standards, including HIPAA, for compliance and supervision
HIPAA Privacy and Security Rules
Learn the whos, whats, and hows of HIPAA email archiving requirements
ZL Compliance Manager
Explore how ZL Tech can fulfill regulatory requirements and reduce review times with full defensibility