Free resource shows the HIPAA guidelines for IT without commentary or fluff
Charlotte, NC – Calyptix Security, a leading provider of network security services for small and medium businesses, today announced a new resource for IT providers that shows the HIPAA regulations that apply to IT when working with healthcare clients.
The resource, HIPAA Regulations for IT Compliance: The guidelines straight from the Federal Register, gives IT professionals the exact HIPAA guidelines they must follow in healthcare. It does not include interpretations or commentary, just the rules and nothing else.
“IT providers need a straightforward list of the HIPAA regulations that apply to them. Too many other resources are broad, vague, or full of fluff. So we took the full list of requirements and cut out everything that didn’t apply to IT. Then we added a cover and a page about Calyptix. The result is a concise resource with the rules for HIPAA compliance in IT and nothing else,” said Ben Yarbrough, CEO, Calyptix Security.
Out of the more than 100 pages of HIPAA regulations, Calyptix found that only two sections applied to IT: the Security Rule and the Privacy Rule.
“Even within these sections, not all of the material is relevant. So we trimmed them even further, cutting out the information about hearings and penalties. That information is important, but it is not vital to IT compliance,” said Yarbrough.
According to DHHS, the complete list of HIPAA requirements is found in the Code of Federal Regulations (CFR) under Title 45, Parts 160, 162, and 164. When combined, this material is about 115 pages, but much of it is not relevant to IT compliance.
For example, portions of HIPAA are often grouped into different “rules” or “standards,” which are listed below. Some of these groups overlap, and some clearly do not apply to IT.
- Privacy Rule – Sets standards for the protection of medical records and other health information.
- Security Rule – Sets standards to protect electronic personal health information that is created, received, used, or maintained.
- Enforcement Rule – Includes provisions related to investigations, sets the procedures for hearings, and addresses civil penalties for HIPAA violations.
- Breach Notification Rule – Requires covered entities and their business associates to provide notifications following a breach of healthcare data.
- Transactions and Code Set Standards – Sets standards for certain healthcare transactions and requires the use of standard codes for diagnoses and procedures.
- Identifier Standards – Requires employers and healthcare providers to have unique identification numbers on standard transactions.
Calyptix determined that only the Security Rule and Privacy Rule had material directly relevant to IT. After trimming these sections even further, the following parts of the CFR remained:
- CFR Title 45 – Part 160 – Subpart A
- CFR Title 45 – Part 164 – Subparts A, C, and E
These sections of the CFR have the most relevant rules for HIPAA compliance in IT. The rules are shown, without marketing fluff or commentary, in the free resource from Calyptix, HIPAA Regulations for IT Compliance: The guidelines straight from the Federal Register.
This resource follows several others published by Calyptix on topics such as PCI DSS compliance and HIPAA compliance for IT. They can be found at www.calyptix.com/resources.
About Calyptix Security
Calyptix Security is dedicated to helping small and medium-size businesses secure their networks so they can raise profits, protect investments, and control technology. The company’s UTM firewall for network security and management, AccessEnforcer, makes it easy to protect SMB networks so companies can forget about network security and focus on winning. Developed, built, and serviced in the U.S., AccessEnforcer is a flexible UTM device that allows MSPs and VARs to provide security that fits their needs and business models.