What It Means to Be HIPAA Compliant
Author: Etactics
Uploaded: 2020-11-09
Views: 2431
Description:
Back in 1996, did President Bill Clinton know the profound impact signing the Health Insurance Portability and Accountability Act (HIPAA) into law would have on healthcare organizations and their business partners?
Although he didn’t foresee so many people misspelling the acronym and calling it HIPPA, he did want to protect the privacy of Americans.
LINKS:
____________________________________________
https://etactics.com/blog/what-does-i...
____________________________________________
The former President also highlighted instances of corporations invading American citizen’s medical privacy for their gain during the same speech.
One instance he cited was a survey of Fortune 500 companies that found that one-third of them factored medical history into their hiring decisions.
If that happened today, both organizations involved would face a massive fine.
The practice that gave the corporation access to prospective employees’ medical records would have to pay a lot of money today. They'd also have to fire the team member who went through with the sending.
The corporation would also face serious legal action, both from the Department of Health and Human Services (HHS) and from the interviewee.
Patient record privacy, confidentiality and security have only become more important.
Before breaking down the important sections of the law, you need to know some of the high-level definitions.
HIPAA applies to three separate parties: patients, covered entities and business associates.
Of course, the patient is the most involved individual with HIPAA as its entire purpose is to keep their information private and secure.
Protected health information (PHI) is also known as “HIPAA identifiers”, meaning information that can be used to identify an individual. There are 18 different things that fall under PHI.
I’m not going to list all of them as I’d run out of breath. If you’d like, pause the video here to see all of the identifiers.
A covered entity (CE) refers to any individual who provides treatment, payment or operations in health care. That’s a fancy way of saying doctors and the facilities they work at.
Next is what’s referred to as a business associate (BA). Business associates are those who have access to PHI in order to help covered entities with those same categories: treatment, payment and/or operations. That’s another complex definition that refers to companies who help doctors do their job.
OK, now let’s break down the different parts of HIPAA.
There are four main sections of this law: the Privacy Rule, the Security Rule, the Breach Notification Rule and the Omnibus Rule.
First, the Privacy Rule sets the standards for patients and their rights. It outlines patients’ rights to access PHI, healthcare providers’ rights to deny access to PHI, what Use and Disclosure forms should look like, and more. The Privacy Rule only applied to covered entities at first, not business associates.
Second, the Security Rule illustrates principles that ensure the wellbeing of information created, received, maintained, or transmitted electronically. It introduces standards for the integrity and safety of electronic PHI (ePHI) through physical, administrative and technical safeguards. This section of the law has always applied to both covered entities and business associates.
Third, the Breach Notification Rule, added in 2009, details what must happen in the event that PHI gets into the hands of unauthorized individuals, either physically or electronically. It categorizes breaches into two sections: Minor Breaches and Meaningful Breaches.
Fourth, the Omnibus Rule is an addendum to HIPAA, via the American Recovery and Reinvestment Act of 2009, that ensures the entire law applies to business associates. Since this rule, business associates must be HIPAA compliant. They must also sign a government-mandated Business Associate Agreement (BAA) template provided by the covered entity. CEs and BAs must agree upon a BAA before any sharing of PHI or ePHI happens.
Part of being HIPAA compliant means that your organization stays that way. It would be nice if all you had to do as an organization was go through a checklist and receive a certification that states you’re a compliant business. Unfortunately, that’s not an attainable achievement.
Instead of thinking of it as something like an achievement, look at it as a way of conducting business.
► Reach out to Etactics @ https://www.etactics.com
►Subscribe: https://rb.gy/pso1fq to learn more tips and tricks in healthcare, health IT, and cybersecurity.
►Find us on LinkedIn: / etactics-inc
►Find us on Facebook: / etacticsinc
#HIPAACompliance #HIPAA