HIPAA is a set of special privacy and security standards for certain health information, known as the HIPAA Privacy Rule (privacy standard) and the Security Rule (security standard) respectively. The standards apply to healthcare organizations, such as healthcare facilities, insurance companies, and medical billing centers. The HIPAA Privacy Rule provides federal protection for personal health information used by healthcare providers and gives patients a set of rights to this information.
The HITECH Act required the U.S. Secretary of Health to expand the scope of the HIPAA Security Rule and Privacy Rule standards and to increase penalties for HIPAA violations. Previously, the Civil Rights Office’s jurisdiction over private information leaks extended only to medical organizations. The HITECH Act extended the HIPAA Privacy Rule and Security Rule standards to business partners of individuals and legal entities that perform certain functions or actions related to the use or disclosure of PHI on behalf of a medical organization. Business partners often provide services such as claim processing and administration, data analysis, and usage assessment and management. A cloud provider that stores PHI directly on behalf of a medical organization, or indirectly through its business partner, is now also considered a business partner.