What Does HIPAA Stand For?
HIPAA stands for Health Insurance Portability and Accountability Act. It was enacted in 1996 and, among other things, protects patient health information.
HIPAA does require a risk analysis which, effectively, requires covered entities to test their security controls. Two significant and important methods for testing security controls are vulnerability scanning and penetration testing.
Who Must Be HIPAA Compliant?
The HIPAA Rules apply to two groups: covered entities and business associates. A covered entity is a health plan, health care clearinghouse, or health care provider that electronically transmits any health information. Examples of covered entities are:
- Health insurance companies
- Company health plans
A business associate is a person or entity that performs certain functions or activities involving the use or disclosure of protected health information (PHI) on behalf of, or provides services to, a covered entity. Examples of business associates (whose services involve access to PHI) are:
- IT providers
- Billing and coding services
For more detailed information on the definitions of a covered entity and a business associate, visit the Department of Health and Human Services (HHS) website.