Library Update: Health Insurance Portability and Accountability Act (HIPAA)

The Alyne team has recently rolled out a brand new addition to the Content Library with a comprehensive mapping of the Health Insurance Portability and Accountability Act (HIPAA). This mapping covers not only section 164.3xx (Security Standards), but also the rules outlined in section 164.4xx (Breach Notification) and section 164.5xx (Privacy Aspects).

The Health Insurance Portability and Accountability Act (HIPAA) was enacted into law in 1996 to improve insurance coverage, as well as to reduce fraud and ease administration.

The Health Insurance Portability and Accountability Act (HIPAA) regulation is mainly targeted at covered entities who handle health or healthcare-related data and providers who use or transmit electronic Protected Health Information (ePHI). In 2013, the coverage of HIPAA was expanded to all users of Protected Health Information (PHI), so that third-party service providers are subject to the same data privacy and protection requirements under HIPAA.

The law contains requirements that aim to protect and safeguard the integrity of patient health information, together with the critical information assets and infrastructure that hold it. While the law presents clear definitions of privacy and security requirements, some of its terms are broadly defined.

HIPAA coverage within the Alyne platform

Building on, and in addition to, the 1200+ Controls already available in the platform, the Alyne Library experts have interpreted and mapped the HIPAA requirements into a Control Set containing 480 robust Controls that are actionable, specific and measurable for business leaders to implement.

For organisations that are subject to compliance with HIPAA, Alyne now offers a comprehensive mapping of the regulation, covering not only §164.3xx, which is focussed on Security Standards, but also the rules outlined in §164.4xx (Breach Notification) and §164.5xx (Privacy Aspects). This content, now available in the Alyne platform, will simplify and enhance your ability to follow HIPAA compliance criteria.

HIPAA compliance rules include the HIPAA Privacy Rule, the HIPAA Security Rule and the HIPAA Breach Notification Rule.

HIPAA Privacy Rule

The HIPAA Privacy Rule establishes national standards to ensure that patients' rights to PHI are protected. This includes medical records and other personal health information and it applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.

HIPAA Security Rule

The HIPAA Security Rule operationalises the HIPAA Privacy Rule. More specifically, this set of rules requires both technical and non-technical safeguards, the latter including administrative and physical safeguards, to ensure that ePHI is transmitted and handled in a secure and responsible manner.

HIPAA Breach Notification Rule

The HIPAA Breach Notification Rule requires covered entities and their business associates to notify affected individuals and the media of a breach of unsecured PHI. Depending on its severity, if the data breach affects 500 or more individuals, the Secretary has to be informed no later than 60 days following the breach.

As with all Library Updates, the Control Set has been provided to existing and new Alyne customers alike. Contact our sales team at to learn how Alyne can help your organisation, or schedule a meeting with an expert to experience Alyne's full capabilities.

Eunice Cheah
