When it became effective in 2003, the Health Insurance Portability and Accountability Act (HIPAA) of 19981 provided criminals with thousands of new opportunities to steal personal information. How? The HIPAA created a database containing the identifying information on nearly everyone in the United States — all persons who either have healthcare insurance or who have in the past received healthcare.

However, healthcare or healthcare-related institutions need not worry provided they have secured the HIPAA database on the four fronts: people, processes, property, and (thereby) proprietary information. The security standards of the Business Information Security Program (BISP) are essential compliance requirements for all institutions having access to the HIPAA database. This chapter presents an overview of preceding chapters so as to illustrate the BISP applications for businesses providing healthcare services and products.


Goal: To prevent the theft of personal identifying information from the HIPAA database.

Specific Objectives: The objectives of this chapter are twofold: (1) to provide healthcare and healthcare-related companies with a brief overview of the BISP security standards contained in Parts II and III, and (2) to summarize sections of the chapters describing how personal information can be compromised from institutions having access to the HIPAA database.


Although all U.S. health insurance ...

Get Preventing Identity Theft in Your Business now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.