HIPAA, the Health Insurance Portability and Accountability Act, is an American federal law that provides a unified management platform for protecting and transferring medical information. The law provides a security model for medical information and for every activity that concerns this information, and it defines that every person has the full right to privacy in medical matters.
The law was passed by the American Congress to apply to American healthcare. In later years it was expanded and adopted by the global industry, and it is used as a “stamp of approval” for information security management for companies engaged in the medical field.
In 2013, there was an amendment to the law that defines the responsibility of software and infrastructure vendors to medical organizations and requires those vendors to provide a product or service that complies with the requirements of the HIPAA law.
The main requirements of the standard include determining information security policy and procedures, performing risk assessments and surveys, implementing information security equipment, and raising awareness of information security issues.
Many countries in the world, including Israel, have adopted this standard, or at least its spirit. Israeli companies that supply services to American companies dealing in medical matters, and systems that were developed for healthcare activity, are required to comply with the requirements of the HIPAA law.
Primesec deals in the field of regulation, information technology, information security and project management. Together with S.Q.A.C, a company that deals with quality management, procedures and regulation, it offers compliance activity and approval of compliance with HIPAA requirements.
Our activity includes checking the following issues and defining a work plan for filling the gaps:
- Identification mechanism
- Password policy
- Recording of actions
- Classification of permissions
- Communication encryption
- Session management
- Infrastructure protection (if managed by the company)
- Database protection
- How to manage data in the system
- Existence of input checks for fields
- General topology
At the end of the process, the company will provide a legal review of the organization's compliance with the requirements of the law.