HIPAA Security Rules

The security rule is of particular importance to those who design and host web sites as the rule only refers to health information that is maintained or transmitted electronically. The security rule is the portion of HIPAA that establishes a security framework for those entities that deal with medically sensitive information. The security rule demands that all HIPAA entities provide a security plan with safeguards explicitly defined for the following areas:

• Administrative
• Physical
• Technical

Each section must have defined procedures that ensure medical data is protected. For HIPAA compliant web designers and web-hosting providers, the implications of this rule are immense. HIPAA entities looking for secure solutions need to ensure the applications they choose to employ meet the security demands defined in the rule.

HIPAA entities must also make sure that those companies they work closely with follow these safeguards themselves. As a vendor or partner to HIPAA entities, those companies charged with providing web-enabled solutions must ensure that the business practices they employ will stand up to the scrutiny of the HIPAA security rule.