All over the world, organizations in the healthcare industry are becoming more and more interested in protecting their patients’ information. In the United States, however, this need goes back to 1996 and the enactment of HIPAA (the Health Insurance Portability and Accountability Act), which regulates the use and disclosure of U.S. citizens’ protected health information.
This article will present how organizations that need to ensure HIPAA compliance can take advantage of ISO 27001, the leading ISO standard for information security management, to fulfill the requirements.
What are the security requirements in HIPAA?
Broadly speaking, HIPAA requirements are defined by two main rules: the Privacy Rule and the Security Rule. Both rules must be followed by any U.S. healthcare provider that transmits health information in electronic form; such providers are generally called “covered entities”.