The Health Insurance Portability and Accountability Act (HIPAA) describes how organizations must keep protected health information (PHI) secure. So how exactly are employee passwords supposed to be handled in light of HIPAA? It’s important to understand how HIPAA handles the topic of passwords in order for organizations to properly implement the guidelines in their data protection strategies.

HIPAA is designed to establish industry-wide regulations for protecting confidential healthcare information. Any healthcare organization or business associate that handles PHI must be compliant.

These same organizations are also responsible for enforcing proper password policies for their employees. They fall into four groups:

  • Healthcare Providers – physicians, podiatrists, dentists, surgeons, laboratory technicians, hospitals, optometrists, clinics, nursing homes
  • Health Payers – HMOs, company health plans, Medicare, Medicaid, employers and institutions that handle PHI while enrolling employees or members in a health plan
  • Healthcare Clearinghouses – billing service providers, health management information systems
  • Healthcare Business Associates – data processing organizations, data transmission providers, data storage firms, medical equipment vendors, external auditors

[…]