IT and HIPAA go hand in hand, since the core aim of HIPAA is ensuring IT security. HIPAA issues broadly stated compliance requirements that organizations and practices have to adapt to suit their unique needs.
IT and HIPAA share a very strong bond, because IT compliance is one of the core requirements of the Health Insurance Portability and Accountability Act (HIPAA). This is understandable, considering that IT is at the core of Protected Health Information (PHI), and securing PHI is the backbone of HIPAA's purpose. The Final Rule prescribes and specifies the following series for Covered Entities to comply with:
Further, there are implementation specifications built into these series that are required or need to be addressed.
HIPAA's deadline of September 23, 2013 for the Final Rules set out procedures and processes with which IT systems need to comply in order to carry out their purpose of ensuring patient confidentiality. The highlight of these new rules is that they put in place enhanced protocols for how PHI is shared; they also include notifications about the ways in which Covered Entities need to handle breaches, along with several other requirements.
These contain broad normative areas on which guidelines have been issued, which is why IT and HIPAA remain a grey, slightly ambiguous area. HIPAA doesn't prescribe a single, blanket set of standards. Rather, it offers broad suggestions for ensuring computer security. Healthcare organizations and practices have to implement these based on their own unique situations and requirements.
Some of the core points relating to IT and HIPAA concern the following: