Naavi
37, Ujvala, 20th Main, B S K Stage I, Bangalore 560050
Naavi.org
Cyber Law College
Division of Ujvala Consultants Pvt Ltd
Cyber Law Guru is meant for the education of Netizens and for
answering all questions on Cyber Law. The answers are based on the best
available resources and are provided for academic purposes. They are not meant to be
legal advice.
FAQ-2 (HIPAA issues in Cyber Space)

1. Question: What is HIPAA?

Answer: HIPAA is a law of the USA; the name stands for the Health
Insurance Portability and Accountability Act. It was passed in 1996 to
protect the privacy of health information, to introduce standards for the security of
health information in electronic form, and to introduce standards for the
handling of health information in electronic form so as to bring
administrative simplification to the processing of health-related
information. It also brought some consumer benefits in the health
insurance industry. The provisions of the Act have been further
strengthened of late through the HITECH Act, introduced by President Obama as
part of providing stimulus to the American economy.

HIPAA imposes civil and criminal penalties for non-compliance.

2. Question: How is HIPAA relevant in India?

Answer: There are a large number of Indian Companies engaged in
the processing of US-related health information as BPOs, software
development companies, medical transcription agencies etc. US principals
who send information for processing by the Indian Companies are
mandatorily required to impose on their Indian associates the same
liabilities that HIPAA imposes on them. Hence HIPAA is relevant to Indian
Companies. HIPAA compliance is a requirement that Indian Companies need to
address to satisfy their SLA obligations.

3. Question: What should Indian Companies do to be HIPAA compliant?

Answer: Companies need to first examine whether they handle
"Individually Identifiable Health Information" belonging to US
citizens/organizations. If so, they need to conduct a HIPAA audit to
identify the requirements and proceed to implement a compliance plan.

4. Question: Is non-compliance with HIPAA considered a violation of ITA 2008?

Answer: ITA 2008 imposes a responsibility on Indian Companies to
protect "Sensitive Personal Information" with "Reasonable Security
Practices". Such reasonable security practices include the SLA provisions.
Non-compliance with this could lead to penalties in the form of damages
(unlimited amount), imprisonment (up to 3 years or more) and a fine of up to Rs 5
lakhs. Hence HIPAA compliance is part of ITA 2008 compliance for those
companies that are exposed to the handling of individually identifiable health
information of US citizens.

To Be Continued..

Send your query, if any, to naavi [at] naavi.org