By: kevin7 Aug 2011
What is confidentiality? As the International Organization for Standardization (ISO) in ISO-17799 defines it, confidentiality is "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of information security.
The healthcare industry is governed by a federal law, the Health Insurance Portability and Accountability Act (HIPAA), enacted by the US Congress in 1996 to protect the privacy of patients' sensitive medical information.
HIPAA sets the national standards for the exchange of a patient's Protected Health Information (PHI). The two prongs of HIPAA are the Security Rule and the Privacy Rule.
Increasingly, patient health information is maintained and shared over the Internet. Hence, the HIPAA Security Rule establishes the security framework for handling electronic medical data, explicitly defining the administrative, physical and technical aspects of information sharing.
HIPAA's Privacy Rule governs the use and disclosure of a patient's medical information. This information may relate to health status, receipt of care and the financial aspects of health care. The Privacy Rule was brought into effect in 2003 to give patients access to their own medical records and to let them know who has accessed those records in the past six years. It is also balanced so that it permits the disclosure of personal health information where needed for patient care and other important purposes.