Sunday, August 8, 2010

HIPAA Compliance with Privacy and Security Rules

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 allow the federal government to mandate the ways in which health care organizations store and transmit individuals’ personal health information.

Your Information technology (IT) partner should understand how The Privacy Rule and The Security Rule effect implemented systems and software.

The Privacy Rule

The Privacy Rule establishes minimum Federal standards for safeguarding the privacy of individually identifiable health information.

Health plans, health care clearing houses, and certain health care providers my comply with this Rule.

Individuals are given certain rights by the Privacy Rule including access to health information records and when certain types of health information is shared with other people and organizations.

The Security Rule

Companies who are covered by HIPPA are also required to take specific steps to protect Electronic PHI (ePHI).

All security requirements can be defined as one of three basic safeguards:

  • administrative
  • physical
  • technical

Basic requirements include

  • Adopting policies and procedures to protect ePHI
  • Adopting policies and procedures to protect the security of patient information, including a policy on workstation use
  • Developing and implementing data access control procedures
  • Implement technical mechanisms to prevent unauthorized access
  • Establish a reporting and response system for confidentiality violations

The HIPAA Privacy and Security Rule requirements are designed to be technology neutral and scalable from the smallest to the largest companies and organizations. It is typically a custom combination of software and process which allows companies to be in compliance with the requirements of the Privacy and Security Rules.

I'll follow-up with another article describing more

No comments:

Post a Comment