HIPAA is the short form for the Health Insurance Portability and Accountability Act of 1996 passed by the U.S Department of Health and Human Services. It is an act that makes it mandatory for following standards in protecting personal patient health information and stopping it from being brought to public knowledge without consent or knowledge of the patient. Today, a lot of patient health information is held and transferred in electronic form which HIPAA protects by its established set of national security standards. It is the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) that enforces HIPAA compliance.
As health care providers adopt computerized operations, they will take to implementing various systems such as radiology systems or physician order entry systems etc, which increases efficiency, mobility for patients but they also increase security risks with regards to health care data. By implementing HIPAA standards, these health care providers will be able to give quality health care and make more Americans opt for health insurance coverage. Fines levied for HIPAA violations fall between 100 to $50,000 per violation (or per record. A maximum penalty of $1.5 million per year can be levied for violations made on the same provision.
HIPAA includes the following:
- Privacy Rule
- Security Rule
- Breach Notification Rule
- Omnibus Rule
- Enforcement Rule
Lack of adhering to HIPAA can cause the following:
- Device theft
- Employee dishonesty
- Improper disposal of patient records
- Unauthorized release of HI
- Lack of training for employee in maintain privacy of PHI
- Hacking. …
Table of Contents
Who Needs HIPAA Compliance?
Compliance for HIPAA is a must for the following health care providers:
- Doctors
- Clinics
- Hospitals
- Nursing homes
- Pharmacies
- Chiropractors
It should also be followed by health care clearinghouses, endorsed sponsors of Medicare prescription drug discount and also health plans providers because they deal with PHI on a constant basis.
All entities and business associates who must be HIPAA certification need to do the following:
- Put in place control that regulate or limit information flow inside a private network
- Use mechanisms that monitor the flow of activity in the network
- Take steps that stops unauthorized disclosure of PHI
- Conduct risk assessment on security procedures
HIPAA assessment
This assessment can be done by an organization that has the expertise to do it, verify that you are eligible for HIPAA certification. Here is a look at key HIPAA checklist:
- Periodically carry out security assessment, privacy and internal audits
- Do a risk analysis based on the guidelines given by the NIST
- Put in place procedures and rules that comply with HIPAA Privacy Rule, Security Rule and breach Notification Rule
- Implement safeguards that protect the confidentiality, availability and integrity of data
- Have a training program in place which employee undergo so that they are aware of the importance of HIPAA compliance and know how to upkeep cyber security
- Appoint an individual else setup an office that takes care of privacy related matters
- Check up on your business associates to find out if they are HIPAA compliant
- Have systems and procedures in place to manage in the event of security breach or incidents
It should be noted that HIPAA compliance is not one time, it should be done on a regular basis. It is important to understand the importance of risk assessment, staff training and data use as well as access control, so that PHI privacy and safety is maintained.
Benefits of HIPAA Compliance
By becoming HIPAA compliant, an entity dealing with Patient Health Information will gain loyalty from patients or customers, so they will continue to use their services. By retaining existing customers through their loyalty, the entity will become more profitable and also have to spend less in efforts to catch new customers. It sets the entity apart and a cut above the rest from its competitors.
Certification
It can be gained by allowing a third-party certification company to carry an audit on an entity to find out if its practices match with HIPAA requirements. Prior to the audit, it should have done the following: