NEMA HIPAA Privacy and Security Introduction

A NEMA paper on HIPAA is available here:  NEMA HIPAA Security Intro Overview.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed to law on July 21, 1996, and has the general objectives to:

  • Guarantee health insurance coverage of employees
  • Reduce health care fraud and abuse
  • Introduce/implement administrative simplifications in order to augment effectiveness and efficiency of the health care system in the United States
  • Protect the health information of individuals against access without consent or authorization

Within HIPAA there are Administrative Simplification regulations that, in early 2001, are in work.

The HIPAA Security and Electronic Signature Standards Notice of Proposed Rule Making defines security measures to be implemented in healthcare. This white paper gives an explanation of how this rule and the final rule about privacy of individually identifiable health information that became law on December 28, 2000, impact the medical imaging world.

This document is intended for educational purposes. It does not contain concise definitions nor mandatory guidelines, but instead outlines the main components of HIPAA that affect medical imaging equipment.

Covered Entities (CEs) as defined by HIPAA are health plans, health care clearinghouses, and health care providers who transmit any health information in electronic form in connection with certain standard transactions. These CEs need to support many different data formats and protocols. Having only a single set of data formats and protocols will simplify administration. HIPAA defines standards for a set of transactions conducted in electronic form while still allowing any non-standardized paper form for these transactions. The proposed security standard would apply to all health information that is electronically maintained or electronically transmitted. The approved privacy standard applies to individually identifiable health information transmitted or maintained in any form, oral, written or electronic – called Protected Health Information (PHI). There are other regulations pending that deal with National Provider ID and National Employer ID; additional regulations will be proposed on National Health Plan ID, Claims Attachments, and National Individual Identifiers. We should think of HIPAA as an ongoing process to standardize the digitalization of health care information within the United States.

SoftwareCPR® provides on-site and web based training in HIPAA privacy and security regulations, in addition to other regulatory consulting services. SoftwareCPR® also provides a HIPAA Roadmap with links to relevant educational documents to paid subscribers (See Post HIPAA Privacy and Security Roadmap).  For information on our subscriptions go to Subscribe page on our site.

Cybersecurity Review

Our cybersecurity experts are NESSUS Pro Licensed and can quickly remediate cybersecurity deficiencies with your medical device or digital health software.  Planning, requirements, validation, and submissions – we can assist with all.

Interested in having a conversation?  Email us to arrange a Zoom meeting or call us at +1 781-721-2921.

Corporate Office

15148 Springview St
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN), Canada, and Italy.