How SSO Makes Being HIPAA Compliant Easier
By David Olukoju
January 5, 2022
Why is HIPAA Relevant Today?
Data privacy centers on handling information according to its relative sensitivity. This information includes personally identifiable information (PII), which in turn includes PHI. PII includes data such as Social Security numbers, credit card numbers, full names, and addresses. The more sensitive the data, the stronger the security it calls for; for example, a data breach at a hospital can put thousands of individuals' PHI in the hands of people who might exploit it. Even a breach of less sensitive data can do a great deal of harm. The HIPAA act was enacted to combat this by improving security when handling PHI and ensuring that affected individuals are made aware of a data breach.
The Later HITECH Act
Thirteen years after the HIPAA act was enacted, its scope was extended through the Health Information Technology for Economic and Clinical Health (HITECH) act. The HITECH act focused more extensively on the relationship between health organizations and patients regarding health information technology. It targets privacy and security because a far greater volume of data is handled today than when HIPAA was first enacted. To increase compliance, HITECH provides incentives for the safe transfer of PHI to eligible professionals. It also strengthens the response to breaches by requiring public notification of security breaches.
Effects of HITECH and HIPAA
As mentioned above, organizations that deal with PHI are categorized as business associates. For example, health insurance providers are considered business associates since they collect PHI electronically and perform work for a covered entity. Under the HITECH and HIPAA acts, business associates must take appropriate measures to safeguard the PHI they handle, and these measures must be communicated to their covered entities for assurance. This assurance is mandated through the Privacy Rule, which states that covered entities must receive proof that the business associate can be trusted with PHI. The contract between the two parties must:
– Describe the permitted and required uses of protected health information by the business associate.
– Provide that the business associate will not use or further disclose the protected health information other than as permitted or required by the contract or as required by law.
– Require the business associate to use appropriate safeguards to prevent a use or disclosure of the protected health information other than as provided for by the contract.
How to Lessen the Chance for a Breach
Identity verification is necessary to access PHI online, and that verification is performed through a business associate, which must in turn abide by the HIPAA and HITECH regulations described above. Those regulations focus chiefly on the secure handling of data and on data breaches. One identity verification model that helps minimize the chance of a breach is Single Sign-On (SSO).