Revenue Cycle Management
COVID-19
Reimbursement
Diabetes Awareness Month
Risk Management
Patient Retention
Staffing
Medical Economics® 100th Anniversary
Coding and documentation
Business of Endocrinology
Telehealth
Physicians Financial News
Cybersecurity
Cardiovascular Clinical Consult
Locum Tenens, brought to you by LocumLife®
Weight Management
Business of Women's Health
Practice Efficiency
Finance and Wealth
EHRs
Remote Patient Monitoring
Sponsored Webinars
Medical Technology
Billing and collections
Acute Pain Management
Exclusive Content
Value-based Care
Business of Pediatrics
Concierge Medicine 2.0 by Castle Connolly Private Health Partners
Practice Growth
Concierge Medicine
Business of Cardiology
Implementing the Topcon Ocular Telehealth Platform
Malpractice
Influenza
Sexual Health
Chronic Conditions
Technology
Legal and Policy
Money
Opinion
Vaccines
Practice Management
Patient Relations
Careers

Privacy vs security

June 3, 2005

Article

My practice is fully compliant with the privacy rule, but now I'm receiving solicitations from consultants who want to come in and assess our compliance with the new security rule. Can you explain the difference between these two parts of HIPAA?

Q: My practice is fully compliant with the privacy rule, but now I'm receiving solicitations from consultants who want to come in and assess our compliance with the new security rule. Can you explain the difference between these two parts of HIPAA?

A: Think of the HIPAA privacy rule as determining which health information should be afforded privacy protections, who should have access to it, and how it should be controlled. It's the broadest of the HIPAA rules, since it covers medical information in any form.

The security rule, on the other hand, pertains only to medical information that's stored or transmitted electronically. Unlike the privacy rule, it defines the administrative, physical, and technical safeguards that doctors, among others, must put into place to protect restricted information. (These safeguards extend to personal computers, PDAs and other handheld devices, but not to conventional fax machines or voice mail.) If you store medical information in your office computer, for example, you must institute the proper safeguards, so that only authorized persons have access to it.

The common purpose of both the security and privacy rules is to protect medical confidentiality-a catchall term pertaining to the right of a patient to have her individually identifiable information protected from disclosure to unauthorized persons or entities.