HIPAA features three components related to data protection: the Security Rule, the Privacy Rule and the Breach Notification Rule.
The maximum civil fine is $50,000 per violation, up to a maximum of $1.5 million per violation category, with the Office of Civil Rights within the U.S. Department of Health and Human Services collecting some $20 million in fines and settlements in 2017.
HIPAA requires "covered entities," which include hospitals, pharmacies, group health plans and individual provider offices, and their third-party "business associates" to deploy technical controls to prepare for audits and protect sensitive ePHI.
The HITECH Act of 2009 is a distinct law from HIPAA, but the two overlap and reinforce each other in certain ways.
Prioritize Your Efforts
Customizable assessments, scaled for covered entities and business associates, helps you identify safeguards necessary to meet HIPAA compliance by locating gaps that may exist between your current security posture and the requirements.
Address Gaps and Vulnerabilities
The Trustwave HIPAA Compliance Readiness Service helps you confront your HIPAA compliance gaps so that specific risks can be categorized, quantified and addressed.
Safeguard Patient Data
Count on Trustwave to guard your infrastructure, networks and data by building a defense-in-depth security strategy automated and managed through our cloud-based Trustwave Fusion platform.
