HIPAA Compliance
Adopt best practices to improve accountability and communication

HIPAA Compliance: Health Insurance Portability and Accountability Act


The Health Insurance Portability and Accountability Act (HIPAA) - Title II sets national standards for electronic health care transactions. The regulation requires that the security and privacy of health data be protected during electronic data interchange in the health care system.

Companies that provide a health care plan, act as a clearing house for a health plan, or deliver health care services are identified as "Covered Entities" under the HIPAA regulation. Covered entities have to follow the 45 CFR §160, §162, and §164 rules to be HIPAA compliant and have to ensure that their IT systems follow the Privacy and Security rules in the regulation. The IT systems have to uphold the Privacy and Security rules for protected health information (PHI) during transmission and maintenance of health information through electronic media.

MetricStream IT GRC Solution for HIPAA Compliance

MetricStream offers a comprehensive IT GRC Solution for the health care industry to:

  • Implement popular IT governance frameworks such as Cobit and ISO 27002 for the confidentiality, integrity, and availability of electronic protected health information
  • Comply with the HIPAA Privacy and Security rule (45 CFR § 164.304) by adopting a control-based architecture for administrative, physical, and technical safeguards
    • Understand and define the information risk universe for PHI
    • Determine confidentiality, integrity, and availability requirements of PHI
    • Define and implement required controls
    • Develop enforcement, monitoring, and response mechanisms for controls through risk assessment, auditing, and incident management
  • Generate reports for HIPAA compliance
  • Achieve cost savings and efficiency in the IT GRC program by easily integrating with emerging frameworks and regulations in a common GRC platform
    • The Health Information Trust Alliance (HITRUST CSF)
    • Health Information Technology for Economic and Clinical Health Act (HITECH)
    • American Recovery and Reinvestment Act of 2009 (ARRA)