HIPAA Compliance Blog

Prior to the enactment of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, most doctor’s offices had a sign-in sheet on a clipboard at the front desk where patients would sign in. There was no thought about whether someone’s name or appointment information would be seen and recorded.

According to the U.S. Department of Health and Human Services, the HIPAA Health Insurance Portability and Accountability Act of 1996 was a landmark piece of legislation issued to set national standards for the protection of specific health information.

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule mandates that covered entities must conduct a risk assessment of their healthcare company.1 A wide range of organizations – from healthcare insurance providers to hospitals – fall into this covered entity group.

Some organizations may view HIPAA compliance as a roll of the dice because, let’s face it, the chances of any type of random audit are slim to none.

The Department of Health and Human Services (HHS) requires all Covered Entities and Business Associates handling protected health information to conduct a risk analysis as the first step toward implemented safeguards specified in The HIPAA (Health Insurance Portability and Accountability Act) Security Rule, and actively maintaining HIPAA compliance.