HIPAA Compliance

Published: 23rd September 2010

In order to create a national standard for protecting the privacy of patients' personal health information (PHI), HIPAA, the Health Insurance Portability and Accountability Act, was passed into law, and its Privacy Rule was issued by the Department of Health and Human Services. The chief aim of the law was to protect health information by establishing transaction standards for the exchange of health information, security standards, and privacy standards for the use and disclosure of individually identifiable health information. HIPAA deals with the security and privacy of health information and applies to health care providers and employer group health plans. Any person who handles patient documentation of any type should be educated on HIPAA compliance.

HIPAA compliance needs thorough attention and effort, since any failure to adhere carries a high risk of reputation damage, heavy fines and imprisonment varying from 1 year to 10 years. The last 10 years of the 19th century saw a speedy increase of digital technology in health care, with lower expenditure and much better service quality. This has resulted in new and higher risks of inadvertent disclosure of private health information.

Main Requirement of HIPAA

The main requirement of HIPAA concerns Protected Health Information (PHI), which covers anything that can be used to identify a person, as well as any information or data exchanged with or disclosed to other health care providers in any medium, whether digital, verbal, recorded, faxed, printed or written.

HIPAA Principles

• To improve portability and continuity of health insurance coverage in the group and individual markets

• To combat waste, fraud, and abuse in health insurance and health care delivery

• To reduce costs and the administrative burdens of health care by improving efficiency and effectiveness of the health care system by standardizing the interchange of electronic data for specified administrative and financial transactions

• To protect the privacy of Americans' personal health records by safeguarding the security and confidentiality of health care information

How to Comply with HIPAA

There are several ways one may qualify as a "Covered Entity" that is required to comply with the terms of HIPAA. Some of these are apparent, such as providing health care. If your organization qualifies as a "health plan," it is also considered a Covered Entity. A health plan is any organization that "provides medical care, including items and services paid for as medical care, to employees or their dependents directly or through insurance." If you offer employees medical care through a self-insured plan, chances are that you're covered under HIPAA. Other organizations may fall under the "health care clearinghouse" provision based upon their responsibilities for processing health care data.

Once you are covered under HIPAA, two specific regulations are of interest: the HIPAA Privacy Rule and the HIPAA Security Rule.

HIPAA Privacy Rule

The Privacy Rule protects all individually identifiable protected health information (PHI) maintained by the Covered Entity. It is not specific to electronic information and applies equally to written records, telephone conversations, etc. According to the Department of Health and Human Services, PHI includes data that relates to:

• the individual’s past, present or future physical or mental health or condition or

• the provision of health care to the individual or

• the past, present, or future payment for the provision of health care to the individual

HIPAA Security Rule

The Security Rule deals with electronic Protected Health Information (ePHI), which is created, received, used, or maintained by a covered entity. The Security Rule requires implementation of three types of safeguards: 1) administrative, 2) physical, and 3) technical. Various security standards are identified by the rule for each of these types, and for each standard, it names both required and addressable implementation specifications. Required specifications must be adopted and administered as dictated by the Rule. Addressable specifications are more flexible. Individual covered entities can evaluate their own situation and determine the best way to implement addressable specifications.

In a nutshell, HIPAA compliance refers to the standards and regulations that hospitals must comply with in order to avoid potentially devastating fines.
