HIPAA and its effect on your record retention policy

July 6, 2009

HIPAA shows a movement in federal regulation of record retention policy towards encryption

HIPAA (Health Insurance Portability and Accountability Act) is another important federal law with a major record retention policy component. HIPAA applies to health plans, healthcare providers and healthcare clearinghouses when we’re talking about the data security rules.

HIPAA’s sliding standards for record retention policy
There’s sort of a common misconception that any company that has all personal health information is automatically covered by HIPAA. That’s actually not the case. The standards are based on the industry where the company operates. Health care companies are held to the highest possible standard of HIPAA with decreasing scrutiny for other industries.

However, HIPAA does require covered entities to enter into business associate agreements with vendors or third parties handling their data. The idea here being that a covered entity shouldn’t be able to avoid its data security obligation in its record retention policy just by outsourcing the data to someone else.

So for those of you who are working for companies that handle data for covered HIPAA entities, you no doubt would be familiar already with the business associate agreement concept.

Now encryption is strongly encouraged under HIPAA but it’s not mandated. And we’ll see that many of the US privacy laws reward encryption and encourage encryption, and in fact, are moving towards potentially even requiring encryption as part of both federal regulation and business best practices in record retention policy in some cases.

Edited remarks from the Rapid Learning Institute webinar: “Identity Theft: What HR Can Do To Protect Sensitive Employee Data” by Christine E. Lyon, Esq.
