What is HIPAA Compliance

HIPAA is a US regulation; it stands for the Health Insurance Portability and Accountability Act. In the UK and the NHS, the equivalent regulation is the Data Protection Act.

In data access regulation we often talk about operating on a ‘need to know’ basis: restricting each individual’s access to what is necessary for them to do their job. When we’re talking about healthcare it’s of utmost importance to get this right, as ‘need to know’ is often literally a question of life or death. Consider the doctor who needs to check her patient’s allergies before administering urgent medication: having that information to hand at the right time and in the right place is not just a matter of convenience.

So getting these restrictions right is crucial. On the one hand it is imperative that patients’ sensitive data is safeguarded, but on the other it’s of equal importance that the right people have the access necessary to do their job, when and where they need it.

This is why the healthcare industry is among the most regulated with regards to data security. In the US, healthcare providers must adhere to the federal law of the Health Insurance Portability and Accountability Act (HIPAA).

In the UK, private providers that operate in the US will need to adhere to HIPAA too, but in the public sector the National Health Service has security policies for England, Wales and Scotland. While not law, these policies are aimed at safeguarding patient data and ensuring organisations within the NHS adhere to the Data Protection Act (DPA). This has recently taken on greater significance since the Information Commissioner’s Office (ICO), which enforces the DPA, was given greater authority by the UK government earlier this year to audit NHS organisations’ data security.

One core issue is the management of paper documents: their secure storage and their secure disposal. If you are a healthcare executive and need advice on HIPAA, contact the experts at Secure Data Recycling.