HIPAA and What You NEED To Know
Main Points
HIPAA stands for The Health Insurance Portbility And Accountability Act and it provides security provisions and data privacy for patients
There are 5 section to HIPAA
Ways to know you are HIPAA compliant
First things first, there is no official certification program for HIPAA compliance, but many training companies offer credentials which indicate the understanding of guidelines and regulations the act specifies.
Since there is no official certification program for HIPAA compliance, it will be important for you and your patients to know the rules and regulations that guide the HIPAA regulations.
HIPAA was signed into law in 1996 under the Clinton Administration. Without and before HIPAA was signed into law, patients did not have the specific safeguards for their protected health information. And in the electronic and digital age, it is more important than ever to ensure that patient information is protected and safeguarded.
Since signing the legislation into law, there have been numerous legislative and technological advancements that have allowed HIPAA to be implemented and maintained.
Above all else, the best thing that you could do ensure HIPAA compliance in regard to patient data is to find an electronic health record system that knows and understands the importance of HIPAA compliance.
The Health Insurance Portbility And Accountability Act (HIPAA) is a legislation which provides security provisions and data privacy, in order to keep patients’ medical information safe.
The act contains five titles, or sections, in total:
HIPAA Title I aims to protect coverage of health insurance for those who have changed or lost their jobs. It prevents group health plans from refusing to cover individuals who have pre-existing diseases or conditions, and prohibits them from setting limits for lifetime coverage.
HIPAA Title II aims to direct the United States Department Of Human Services and Health in order to standardize the processing of electronic healthcare transactions nation-wide. It requires the organizations to implement safe electronic access to the patients’ health data, remaining in compliance with the privacy regulations which were set by the HHS.
HIPAA Title III is related to provisions which are tax-related, as well as general medical care guidelines.
HIPAA Title IV defines a further reform in health insurance, including provisions for those who have pre-existing diseases or conditions, and individuals who are seeking continued coverage.
HIPAA Title V includes provisions associated with company-owned insurance, and treatment of those who lost their citizenship for income tax reasons.
Most of the time when you hear the term "HIPAA Compliance" you are hearing that term in relation to IT compliance. The title this would be most applicable to would be Title II. This title is also known as 'Administrative Simplification'.
Some of the common elements of Title II are very common and refer to:
National Provider Identifier Standard. This requires that every single health care entity, like employers, individuals, healthcare providers and health plans, need to have a unique 10-digit provider identifier code – their NPI (National Provider Identifier).
Transactions and Code Sets Standards. This orders organizations to follow a standard mechanisms for EDI (electronic data interchange), when processing or submitting insurance claims.
HIPAA Privacy Rule. This rule aims to establish national standards that protect patients’ health information, make sure any individually identifiable information is safe.
HIPAA Security Rule. This rule sets standards for patients’ data security as well.
HIPAA Enforcement Rule. Lastly, this rule establishes the guidelines for investigating violations of HIPAA.
In the year 2013, HHS put in place the HIPAA Omnbius Rule, in order to implement a few modifications to the earlier version, in accordance with certain guidelines, which were set in 2009 by the HITECH Act. It concerns mostly the responsibility of business associates of the entities that are covered. This rule also makes change to the penalties for violations of HIPAA compliance, increasing them to a maximum of 1.5 million dollars per incident.
HIPAA violations can be very costly for a health care organization. First of all, the Breach Notification Rule, set in the omnibus, requires that the entities which are covered as well as any of their business associates notify patients that they are following a data breach. In addition to these costs, the organizations may encounter fines after the audits get conducted by the Office of Civil Rights (OCR). Providers may even face criminal charges for violation of such rules.
Organizations are able to lower the risk of regulatory action by taking practice in training programs for HIPAA compliance. The OCR offers six programs in total which aim to educate employees about the security and privacy rules. Many other training groups and consultancies offer programs, too. Providers may even create their own programs, encompassing other areas such as the current HIPAA policies, the HITECH Act and management processes from mobile devices and other certain applicable guidelines.
Here are some ways to know you are HIPAA compliant
You have attended seminars and training educating yourself on HIPAA and the specific regulations that providers must adhere to
You have reviewed your policies and procedures and compared them to the HIPAA regulation so that you know you are in compliance with the law
You have a practice management system that knows and understands the HITECH act and HIPAA legislation
You have a BAA (Business Associate Agreement) with each of your vendors and they understand the roles and responsibilities associated with working with protected health information
You review and are informed to changes to the HIPAA legislation and apply any changes to your practice
If you are further confused by HIPAA and need more insight into how to apply HIPAA to your practice, don't hesitate to reach out to us via the contact form on our website or email us at info@practicesol.com.