The actual meaning of HIPAA compliance is simply whether entities and offices are effectively following the rules that Congress set forth through all three parts of the HIPAA legislation. The government states that each covered entity must meet the requirements that HIPAA has set forth.
The general principle of HIPAA compliance is simply to safeguard the Protected Health Information (PHI) of customers or patients. Each entity is required to designate a specific person as its HIPAA Compliance Officer (sometimes referred to as the privacy officer). The compliance officer’s primary job is to understand the laws and regulations of HIPAA and to make sure that the necessary actions and procedures are put into practice so that the entity always remains compliant.
Staying within HIPAA guidelines became somewhat more difficult with the addition of the Security Rule in 2006. Information was now required to be held in secured and locked areas to help prevent security breaches in the event of a burglary.
This was the first time that the security of electronic information had been addressed in relation to Protected Health Information. HIPAA compliance now required password-protected software and other extra measures to keep that information safe.
The HITECH Act in 2009 increased these requirements further by requiring that action be taken in the event of a security breach. In practical terms, entities must inform patients or anyone else who may have been affected by the breach. It does not matter whether the breach was due to negligence on the part of employees or was a wrongful act from the outside. All entities are required to have HIPAA compliance procedures in place in case regular procedures fail.