In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was created to improve the efficiency of the national health system, fight fraud, and simplify health insurance administration, among other purposes, by encouraging deeper use of technology.
The HIPAA Security Rule significantly increases users' security and privacy, while requiring CIOs and security staff to develop and deploy cost-effective corporate security programs.
The law establishes that all electronic personal health information (EPHI) must be stored and protected. Despite their efforts to adhere to HIPAA, several healthcare firms, whether healthcare providers or payers (insurance firms), still face two kinds of challenges: civil suits filed as a result of security gaps, and effectively demonstrating that the best practices determined by EPHI are being observed.