HIPAA: The Health Insurance Portability and Accountability Act
HIPAA: Health Insurance Portability Act of 1996.
To achieve HIPAA compliance, healthcare organizations must implement physical, technical and administrative safeguards that ensure the integrity and security of healthcare information.
The Technology
The rise of the Internet has led to the development and use of numerous technologies, such as firewalls, smart cards, virtual private networks (VPNs), public key cryptography, and other standards-based encryption technologies that can satisfy the requirement to safeguard electronic information. An appropriate safeguard must also support the provision of fast, efficient, and appropriate medical care and allow institutions to meet their need to track patients, verify patient eligibility, and bill appropriate entities for appropriate amounts.
Smart Cards are an Excellent Solution for HIPAA Compliance
Systems that use smart cards as the identity token and secure data carrier have unique benefits.
- Smart cards can provide easier information access management, ensuring that users are following established security policies.
- Smart cards are a familiar form factor that can be used for both physical access to facilities and logical access to information on personal computers and networks.
- Smart cards can help enforce access control to health information, providing support for both user authentication and encryption of data on the card and during transmission.
- Smart cards can store health information on the card, performing as secure portable data carriers that are under the control of the patient and the health care professional.
- Smart cards, with on-card intelligence and processing capabilities and the ability to use standards-based cryptography, are uniquely capable of enabling compliance with strong privacy guidelines and of enforcing the privacy and security policies set by the health care organization.
- Smart cards provide a feature-rich platform for health care organizations to implement new applications that improve access to and convenience of medical care.
HIPAA Privacy and Security Requirements
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has two goals:
- To protect health insurance coverage for workers and their families.
- To encourage the development of a health information system by establishing standards and requirements for the secure electronic transmission of certain health information.
The 2 Main HIPAA Objectives
- Make health insurance portable.
- Simplify the administration of health care information.
Privacy Rule
The HIPAA Privacy Rule creates national standards to protect individuals' medical records and other personal health information. The rule became effective on April 14, 2001. Most health plans and health care providers covered by the new rule had to comply with its requirements by April 2003.
The Privacy Rule achieves the following:
- It gives patients more control over their health information.
- It sets boundaries on the use and release of health records.
- It defines appropriate safeguards that health care providers and others must establish to protect the privacy of health information.
- It holds those who violate patients' privacy rights accountable, establishing both civil and criminal penalties for violations.
- It strikes a balance between privacy and public responsibility when disclosure of data is required, such as to protect public health.
Security Rule
The HIPAA Security Rule requirements apply to health plans, health care clearinghouses, and health care providers. The Rule covers all health information about an individual that is electronically collected, maintained, used, or transmitted. The final Rule was published on February 20, 2003.
The Security Rule includes three groups of security standards, all intended to protect data integrity, confidentiality, and availability:
- Administrative safeguards.
- Physical safeguards.
- Technical safeguards.
Current Implementations
Smart cards are being used in new health care system implementations, with many organizations considering the use of both smart cards and biometrics.