HIPAA Compliance

February 03, 2014

Defined by the Department for Health and Human Services

“The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes.

The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information.”

The Technical Side:

Technology is used today to exchange health information in an electronic environment. The use of this technology will greatly enhance the delivery of health care, prevent medical errors, reduce health care costs, increase administrative efficiencies, decrease paperwork, and expand access to affordable health care. While the use of this technology will greatly enhance the medical industry in its care for patients, it is imperative that the confidentiality and security of this health information be ensured.

Many organizations have made great strides in working toward meeting the Health Insurance Portability and Accountability Act of 1996, while others have not.

In most cases, the regulations apply to customers that need to demonstrate compliance and are subject to audits.

Comm Solutions is ready to assist you by assessing your environment and recommending steps that bring you closer to being HIPAA compliant, addressing some of the Administrative Safeguards that are required to be met.

Below are a few examples taken from the Administrative Safeguards (Section 164.308) of the Health Insurance Portability and Accountability Act of 1996.


HIPAA Text

“[Organization must have] procedures for guarding against, detecting and reporting malicious software.”

164.308(a)(6)(ii) – RESPONSE and REPORTING

“Identify and respond to suspected or known security incidents; mitigate to the extent practicable, harmful effects of security incidents that are known to the covered entity; and document security incidents and their outcomes.”

164.308(a)(4)(ii)(B) – ACCESS AUTHORIZATION

“Implement policies and procedures for granting access to electronic protected health information, for example, through access to a workstation, transaction, program, process, or other mechanism.”

The full listing of Administrative safeguards can be found here:
