Abstract
Before jumping into specific safeguards of HIPAA and how security operations center (SOC) activities relate to them, some background may help put things in perspective. The Health Insurance Portability and Accountability Act (HIPAA) was enacted on August 21, 1996. HIPAA focused on health coverage during gaps when workers change from one job to another. The act provided early incentives for entities to adopt digital records. The Security Rule was implemented on April 21, 2005, focusing on electronic Protected Health Information (ePHI) stored digitally. Enforcement of HIPAA was granted to the Department of Health and Human Services (HHS) on March 16, 2006, under the Enforcement Rule. HHS had the authority to investigate complaints and levy fines for privacy violations. The Health Information Technology for Economic and Clinical Act (HITECH) of 2009 incentivized healthcare organizations to adopt digital medical records. These incentives were part of a program termed Meaningful Use. Finally, in 2013 the Final Omnibus Rule went into effect. It was at this point that news of proactive audit programs surfaced, and HHS investigations after breaches, along with the resulting fines, became mainstream news.
Copyright information
© 2020 Eric C. Thompson
About this chapter
Cite this chapter
Thompson, E.C. (2020). HIPAA Security Rule and Cybersecurity Operations. In: Designing a HIPAA-Compliant Security Operations Center. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-5608-4_2
DOI: https://doi.org/10.1007/978-1-4842-5608-4_2
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-5607-7
Online ISBN: 978-1-4842-5608-4
eBook Packages: Professional and Applied Computing; Professional and Applied Computing (R0); Apress Access Books