Posted by: Charles Denyer
HIPAA Privacy Rule, PCI, PHI, Protected Health Information, SAS 70
An electronic medical record (EMR) is a computerized legal medical record created within an organization whose health information system supports the storage, retrieval and manipulation of those records.
Like hard-copy medical records, electronic medical records must be kept in unaltered form and authenticated by their creator. Under data protection legislation such as HIPAA, responsibility for patient records, regardless of the form in which they are kept, rests with the creator and with every custodian of the records, which may be a health care practice, a facility, or a third party such as a data center.
Privacy Rule: The HIPAA Privacy Rule regulates the use and disclosure of certain information held by "covered entities", which include health care clearinghouses, employer-sponsored health plans, health insurers, and health care providers that conduct certain transactions electronically. It establishes the rules for the use and disclosure of Protected Health Information (PHI).
Although HIPAA was enacted in 1996, compliance with the Privacy Rule was not required until 2003. The Privacy Rule:
• Regulates the use and disclosure of protected health information by health plans, health care clearinghouses, and health care providers that transmit financial and administrative transactions electronically.
• Establishes a set of basic consumer protections.
• Permits any person to file an administrative complaint alleging a violation.
• Authorizes the imposition of civil or criminal penalties.
A data center that stores or processes PHI on behalf of a covered entity is a business associate under HIPAA and must sign a business associate agreement with that entity. If your data center needs to be HIPAA compliant, engage a competent auditor to assist you.