HIPAA Compliance 101
The Health Insurance Portability and Accountability Act (HIPAA) has changed the healthcare information security landscape in the U.S. Compliance has become a critical issue for all organizations that come in contact with health information. Here is a summary of the HIPAA basics.

HIPAA, also known as the Kennedy-Kassebaum Act, was signed into law by the U.S. Congress in 1996 to establish health insurance reform and healthcare administrative simplification for various healthcare entities including: health plans, healthcare clearinghouses such as billing services and community health information systems, and healthcare providers that transmit healthcare data in a way that is regulated by HIPAA.

Governed by HHS, HIPAA Title I supports the continuation of health insurance coverage for workers and their families when they change or lose their jobs. Title II defines numerous offenses relating to healthcare and healthcare-related information and sets civil and criminal penalties for agencies that fail to abide by HIPAA standards.

The most significant provisions of Title II for IT organizations are its Administrative Simplification rules. Per the requirements of Title II, HHS has established five rules regarding Administrative Simplification:

- Privacy Rule
- Transactions and Code Sets Rule
- Security Rule
- Unique Identifiers Rule
- Enforcement Rule

Various security standards apply to each of these rules, particularly the Security Rule, which establishes three main security objectives: Administrative Safeguards, Physical Safeguards, and Technical Safeguards. Each safeguard area includes both required and addressable implementation specifications. Required specifications must be adopted and administered as dictated by the rule. Addressable specifications are more flexible.
Yet according to the rules for both required and addressable specifications, how organizations satisfy individual security requirements and which technology they choose are left to the business decisions of each entity.

Healthcare organizations face fines for noncompliance with HIPAA regulations. Penalties include the following: general fines of up to $25,000 per incident, as well as up to $50,000, imprisonment for not more than one year, or both for wrongful disclosure of individually identifiable health information.

HIPAA Fines are Real

In July 2008, HHS announced a formal action against Providence Health & Services. HHS required Providence to pay $100,000 and implement a detailed Corrective Action Plan to ensure that it will appropriately safeguard identifiable electronic patient information against theft or loss.

This case emphasizes that there is a renewed interest in HIPAA and sends a clear message that HHS has the authority and intent to take enforcement action. This has been a debate of sorts ever since the passage of HIPAA. These matters are frequently resolved on a consultative basis with the HHS Office of Civil Rights (OCR), which prefers to work with the healthcare organization to resolve problems. The HHS Office of Inspector General (OIG), however, has been critical of HHS's lack of enforcement activity in the past. Providence is an example that shows HHS can and will act on HIPAA violations.