Health Insurance Portability and Accountability Act of 1996 [HIPAA]
Standards for Privacy of Individually Identifiable Health Information Rule
STATUS: Final Rule Published December 28, 2000
FULL NAME: Standards for Privacy of Individually Identifiable Health Information Rule of the HIPAA Act

TARGET: With regard to Protected Health Information (PHI), "covered entities" include health plans, health care clearinghouses, and most health care providers. Also applies indirectly to "business associates" who perform certain functions on behalf of, or provide certain services for, covered entities.

FUNDING: $19.2 Billion

DESCRIPTION: Broadly intended to encourage the use of Electronic Health Records by medical businesses, this legislation also takes the scope and enforcement of HIPAA (Health Insurance Portability and Accountability Act of 1996) privacy protection to a new level. Penalties for violations can now include criminal prosecution.

AGENCIES: Department of Health and Human Services (HHS) Office for Civil Rights (OCR), Federal Trade Commission (FTC)

DATA SECURITY FACTORS: Portions of HITECH specify standards for protecting private medical data and new penalties for lack of compliance. New guidance on technologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals has been established and is published in the Federal Register, 74 FR 19006 of April 27, 2009. If the entities subject to the regulations apply the technologies and methodologies specified in the guidance, they will not be required to provide the notifications required by the regulations in the event the information is breached. Among the scenarios specified in the Federal Rules and Regulations is destruction or purging of electronic media in accordance with methods specified in NIST Special Publication 800-88: Guidelines for Media Sanitization.
Complete listing and links for data security regulations and legislation.