Take all possible precautions

Back up accurate copies of ePHI on a regular basis and implement procedures to restore lost ePHI.

Establish procedures for business continuity in the event of an emergency and test those plans on a regular basis. Establish written agreements with all business partners and document satisfactory assurances that they will comply with HIPAA requirements for as long as they have access to ePHI.

It could be argued that the HIPAA requirements for protecting ePHI that I have listed so far overlap in many ways with the PCI requirements for protecting PANs, but they are not as specific about what is actually required. As with PCI, much of the language is not a specific technical reference; it describes only the policies and procedures that must be in place.

What you should be most concerned about is that if you commit a serious violation of the PCI DSS, you could lose your right to accept credit cards.

On the other hand, under HIPAA, you could be fined tens of thousands of dollars or even put in jail for a serious violation. If you are doing business in the healthcare industry or have access to ePHI, it is necessary that you take every precaution possible to ensure that you are protecting it.

