Health Insurance Portability and Accountability Act (HIPAA)


HIPAA was authored to simplify administrative overhead and add security to healthcare-related transactions in order to protect patient privacy.

Key provisions of HIPAA include requirements for patient consent and authorisation before personally identifiable information is released, provisions allowing patients to opt out of information-sharing programmes, new administrative responsibilities for processing information, and an obligation to ensure that third-party processors protect the data they handle.

Adopting the HIPAA requirements demands organisational effort in three primary areas, administrative, technical and physical safeguards, so that the confidentiality and integrity of patient information meet the compliance standard. Requirements ranging from the creation of security policy and document-handling procedures to employee security-awareness training and physical access controls must be considered.


The HIPAA Security Rule identifies standards and implementation specifications that organizations must meet in order to become compliant. All organizations, except small health plans, that access, store, maintain or transmit patient-identifiable information are required by law to meet the HIPAA Security Standards by April 21, 2005. Small health plans have until 2006. Failing to comply can result in severe civil and criminal penalties.

The general requirements of the HIPAA Security Rule establish that covered entities must do the following:

  1. Ensure the confidentiality, integrity, and availability of all electronic protected health information (ePHI) the covered entity creates, receives, maintains, or transmits.
  2. Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
  3. Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required.
  4. Ensure compliance by the workforce.

BII Compliance is typically a Business Associate of our clients. As such, we consider ourselves to have four primary responsibilities:

  • Ensure that we thoroughly understand HIPAA regulations and relationships.
  • Provide software and services that help you comply with your HIPAA obligations (and meet our Business Associate obligations to you).
  • Assist our clients in entering into standard Business Associate agreements with us.
  • Ensure that our agents and business partners use systems and processes that are consistent with the Business Associate obligations we have to our clients.

Please contact us for more information on GLBA Consultancy, Solutions and Training


enquiries@bii-compliance.com ¦ consultancy@bii-compliance.com
Part of the Blue Ice Inspirations (BII) Group, www.blue-ice.co.uk - All Rights Reserved 2004 - Privacy Policy