HIPAA Overview
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a significant healthcare reform law that passed Congress in 1996. It is also known as the Kennedy-Kassebaum Act, Public Law 104-191. The date of required compliance is April 14th, 2003. Only an act of Congress could be so enormous, and it's changing the face of business in the medical community. HIPAA rules cover patient privacy and information security; penalties for violations include both money and jail!
Why HIPAA?
Did you know that pharmaceutical giant Eli Lilly sold the mailing list of patients who had been prescribed Prozac?
How about the fact that tennis great Arthur Ashe's HIV status was office gossip that slipped out to the public, forcing him to address it publicly?
The need for privacy and information security is an essential requirement of HIPAA. Several sections of the law were created to help providers access patients' health care information, standardize the way information is handled in the health care industry, and ensure that patients' information remains confidential.
Maintaining privacy of medical records is now a legal requirement. All health care providers and individuals who come into contact with protected health information must comply or be subject to fines and penalties.
Personal medical information can be used by marketers, employers, politicians, insurers, and any number of other entities to discriminate, punish, hire, fire, sell to, and generally have their unscrupulous way with you. Somebody has to protect that information, and that somebody is YOU, the health care professional, because an Act of Congress says so.
What should you do?
Educate yourself; not knowing or not understanding are not options. You will be held responsible no matter what you do. Ensuring that patient information is kept private and secure presents a technological challenge for all individual healthcare specialists, small professional groups, and medium-sized and larger organizations.
The need for privacy and information security is an essential requirement of HIPAA. Solid data security and protection against improper access and use of private information is a strict requirement.
This is not a process that will happen for you in one or two days. It is very doable, but awareness is the essential first step to becoming compliant. The date of required compliance is fast approaching; start today to get ready for April 14th, 2003.
There are dozens of software packages to help you in your compliance process that range in price up to $3000 and higher. They are designed to facilitate everything you need to do, and there is a lot to do. Do not attempt to do it without one of these packages unless you like punishing yourself. For the smaller provider we recommend the HIPAA Compliance Kit.
Final Thoughts
HIPAA does not mention specific technologies or methods that must be used. As a result, compliance methodologies will vary from provider to provider.
The HIPAA regulations and guidelines generally follow the lead of the Privacy Act of 1974, stating that individuals must maintain confidence that their information is kept secure. As HIPAA clearly states, all health care providers are responsible for establishing and maintaining secure access to patient information!
HIPAA was not intended to ruin the health care industry! HIPAA has been given a very bad rap, but there are many benefits that have not been talked about.