HIPAA Law

HIPAA At The Workplace
Posted at August 4, 2009


All employees of health care organizations should be fully aware of HIPAA and should take every step and precaution needed to comply with its rules and regulations. An organization that has difficulty interpreting the rules should consult a lawyer. Enforcement is complaint-driven: a complaint must be filed before a person or organization is investigated and, where warranted, penalized under HIPAA.

HIPAA is the Health Insurance Portability and Accountability Act, enacted in 1996; the Privacy Rule that implements its confidentiality requirements became mandatory in 2003 and the Security Rule in 2005. The act requires that patients' medical information be kept confidential. It also simplifies administrative operations in health care, which reduces costs and administrative workload. The word "reasonable" appears many times in the rules: employees of health care organizations must take all reasonable steps to protect patients' medical information, and what counts as reasonable scales with the size and complexity of the organization, so a small clinic is not expected to take the same measures as a large hospital. There is no routine inspection of health care facilities for compliance; a complaint is filed with the HHS Office for Civil Rights, which then investigates it. Fines for non-compliance can be very high.

Every patient's medical information must be kept strictly confidential and private. Patient files and medical records should be kept locked in a secure place, and anyone who needs to access them must hold the required authorization. Patient charts should not be left lying around where an unauthorized person could read them. A telephone enquiry about a patient should be handled from a place where the conversation cannot be overheard, so that information does not reach the wrong ears. When medical records are removed from a location, a proper record should be kept: every record removed must be signed out and accounted for. If a box is used to transport records between locations, it should be marked "confidential – medical records". If patient records are viewed on a computer, the screen should lock automatically (a password-protected screensaver) when the workstation is left idle, so that only authorized users can see patient records.

When patient data or medical records are transferred electronically, the correct procedures and practices must be followed. Health care services, health care professionals, billing services and clearinghouses must all take appropriate security measures so that patients' records are stored confidentially and securely and nobody can gain access to them without the necessary authorization.

Hosting in compliance with HIPAA
Posted at August 3, 2009

FTP stands for file transfer protocol and is useful for exchanging large amounts of data between computers. FTP hosting has made transferring files over the Internet much simpler. It has two main parts, the FTP server and the FTP client. Every FTP user has a separate FTP account with its own user ID and password. An account holder can upload files of any kind, within whatever quota the host allows, and can download copies of the files that have been uploaded to the FTP server.

Companies providing FTP hosting control access to the files: only people with an FTP account can reach the files uploaded through that account, and one account holder can be prevented from accessing another's files. Note that this is access control, not confidentiality on the wire. Plain FTP sends the user ID, password and file contents unencrypted, so a service that claims HIPAA compliance must run FTP over TLS (FTPS) or use SFTP (file transfer over SSH) rather than plain FTP. Many companies need to transfer large numbers of files over the Internet. Although large amounts of information can be shared over hypertext transfer protocol (HTTP), it has its own disadvantages for bulk transfer, and many people prefer FTP.

FTP Hosting for healthcare – Companies in health care and in medical transcription need to store, send and receive large amounts of information in digital form. Because many medical reports and files are sent and received over the Internet, a file transfer protocol is usually a better fit than HTTP. HIPAA itself, enacted in 1996, does not mention FTP; the guidelines that apply come from its Security Rule, whose transmission security standard requires electronic protected health information to be guarded against unauthorized access while it is in transit over a network. Every company in the health care field that sends and receives medical reports and files falls under the purview of the Act.

The Health Insurance Portability and Accountability Act, otherwise known as HIPAA, protects patients' medical records, including those stored in electronic format. Organizations in the health care field are covered entities under the Act, and the organizations that provide support services to them and handle patient information on their behalf are business associates. Under the Security Rule, every organization in the field must take reasonable and appropriate security measures to protect electronic medical records.

The purpose of applying HIPAA's rules to FTP hosting is to keep people without the right authorization from reaching patients' medical records. The FTP servers where medical information is stored must be secured, and an FTP hosting service run in compliance with HIPAA also offers encryption: digital files are transferred in encrypted form, and the login credentials are protected along with them.
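As an added example (not part of the original post, and not code from any FTP hosting vendor), the following Python shows the weak path beside the hardened one: plain ftplib.FTP, which negotiates no TLS and sends the password and file contents in the clear, next to explicit FTPS with a verified server certificate and PROT P so that the data channel is encrypted as well as the control channel. The host, account and path names are assumptions, the two upload functions are never connected to a real server here, and only the standard library is used.

```python
"""Weak versus hardened FTP upload of a file containing protected health
information.  Added example with assumed host/account names; nothing here
contacts a real server."""
import ssl
from ftplib import FTP, FTP_TLS
from urllib.parse import urlparse

# Schemes that protect credentials and file contents in transit.
ENCRYPTED_SCHEMES = {"ftps", "sftp"}


def hardened_tls_context():
    """TLS context a compliant transfer client should use: the server's
    certificate chain and hostname are verified, and anything below
    TLS 1.2 is refused."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def check_transfer_url(url):
    """Reject a configured endpoint that would carry PHI in the clear.
    Returns the scheme when it is acceptable."""
    scheme = urlparse(url).scheme.lower()
    if scheme == "ftp":
        raise ValueError(f"{url}: plain FTP sends credentials and file contents unencrypted")
    if scheme not in ENCRYPTED_SCHEMES:
        raise ValueError(f"{url}: unsupported scheme {scheme!r}")
    return scheme


def weak_upload(host, user, password, local_path, remote_name):
    """The 'before': ftplib.FTP never negotiates TLS, so the password and the
    record contents cross the network in cleartext."""
    with FTP(host) as ftp:                       # control channel in the clear
        ftp.login(user, password)                # password visible on the wire
        with open(local_path, "rb") as fh:
            ftp.storbinary(f"STOR {remote_name}", fh)


def hardened_upload(host, user, password, local_path, remote_name, context=None):
    """The 'after': explicit FTPS.  AUTH TLS runs before the credentials are
    sent, and PROT P makes the data connection encrypted too; without it only
    the control channel would be protected."""
    with FTP_TLS(context=context or hardened_tls_context()) as ftps:
        ftps.connect(host, 21)
        ftps.auth()                              # upgrade control channel before login
        ftps.login(user, password)
        ftps.prot_p()                            # encrypt the data channel as well
        with open(local_path, "rb") as fh:
            ftps.storbinary(f"STOR {remote_name}", fh)


if __name__ == "__main__":
    # Assumed endpoint for illustration; the plain-FTP one is rejected.
    for url in ("ftps://transfer.example.org/inbox", "ftp://transfer.example.org/inbox"):
        try:
            print(url, "->", check_transfer_url(url))
        except ValueError as err:
            print("rejected:", err)
```

SFTP (file transfer over SSH) is the other common compliant choice; it needs a third-party library such as paramiko, so it is not shown. The point of check_transfer_url is that an ftp:// endpoint is the weak configuration: a hosting service that offers only plain FTP cannot provide transmission security, whatever its account-level access controls.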

Document imaging under HIPAA
Posted at August 1, 2009

The Health Insurance Portability and Accountability Act of 1996 has created quite a flutter in the field of digital document imaging and forms processing. A company that is a covered entity under HIPAA must take extra care whenever part of its operations is outsourced to another entity that will handle patients' personal medical information. Two elements of HIPAA bear on document imaging and claims processing: the privacy of medical information, and the simplification of administrative processes.

Whenever a person visits a doctor's clinic for a consultation, he is asked to sign a number of forms, commonly called HIPAA privacy forms (the acknowledgement of the notice of privacy practices and any authorizations). Signing them does not end the process. People who handle large amounts of medical information must take extra care with what has been entrusted to them: the patient's personal medical history, enrollment files and the medical claims the patient has made.

When dealing with a document-imaging vendor, first ask about its HIPAA policies and procedures. Such a vendor is a business associate, so a written business associate agreement is required. Every employee of the vendor should sign an agreement stating that they know how patients' personal medical information must be handled. The vendor must not in any way encourage the distribution or reading of patients' information, and should take extra care to ensure its privacy.

The HIPAA Security Rule, the companion to the Privacy Rule, requires three categories of safeguards: administrative safeguards, meaning the policies and procedures the company implements to ensure compliance; physical safeguards, which prevent unauthorized physical access to patients' medical information and to the systems that hold it; and technical safeguards, such as access controls, audit logs, integrity controls and encryption, which protect the computers that contain patient information. The rule asks for protection that is reasonable and appropriate to the organization rather than a fixed maximum.

The main role of administrative simplification is to make the administrative processes of health care simpler. It sets standards for the content and format of the electronic transactions used in health care, such as claims, eligibility checks and payments. A health plan cannot require an insured person to submit documents other than those permitted under the HIPAA standard transactions.

If an experienced clearinghouse is employed to process medical claims, it will ensure that paper claims are converted to the standard format set by HIPAA. Once the claim documents have been submitted in the prescribed format, the process is much simpler the next time a claim needs to be made.

Differences between EMR and HIPAA
Posted at July 31, 2009

A research study was conducted to understand the advantages of, and the challenges created by, adopting electronic medical records (EMR). The changes that took place after EMR was implemented in certain parts of the country were studied. The data collected for the study concern the implementation of EMR and come from a survey of many families and of several well-regarded physicians; a detailed analysis of all the material collected and of the survey responses is included in the report. The main purpose of the research is to find out how easily medical records can be moved from hard copy to an online, paperless format, and how that change correlates with the number of HIPAA violations.

In total 51 physicians took part in the study; they come from different medical specialties and all practice in Los Angeles and the south bay area of California. A questionnaire was drawn up to learn the results of using EMRs and the issues related to the privacy of patients' medical information. The cost incurred in adopting EMR was also taken into account. The physicians also stated how EMRs would be useful to them, how they would improve the quality of care provided to patients, and how errors and costs could be reduced.

When the 51 physicians answered the questionnaire, their response to EMRs was on the positive side. A statistical analysis was done to find the correlation between the implementation of EMRs and the number of HIPAA violations. The study also helps to identify the positive and negative effects of EMRs in health care.

The questionnaire comprises six sections. The first asked about the physician's profile and practice, including details of the patients. The second asked about the implementation of EMRs in the practice and how it had made the practice run more smoothly. The third covered the costs incurred in maintaining the EMR. The fourth covered the benefits obtained from implementing the EMR, and the fifth the challenges faced after implementation.

Changes by HIPAA in the stimulus package
Posted at July 30, 2009

President Barack Obama signed the American Recovery and Reinvestment Act, also known as the stimulus package, in February 2009. Many people are not aware of the changes this law, through its HITECH Act provisions, makes to the security rules under HIPAA, the Health Insurance Portability and Accountability Act of 1996. Under the change, business associates must abide by the rules directly, breaches must be reported, and penalties and damages apply to any violation of the rules.

The biggest change in the HIPAA security rules is the number of organizations that now come under HIPAA's scrutiny. The security rules that covered entities must follow now apply directly to business associates as well. Every business associate must follow the administrative, physical and technical safeguards of the Security Rule, appoint a security official, implement written procedures and train all employees to protect the privacy of patients' medical information. Patient data must be preserved in a safe and secure manner. A business associate is now subject to the same civil and criminal liabilities that apply to a covered entity under HIPAA.

The second change is that every breach must be reported. Covered entities must inform the affected individuals of any breach of the privacy or security of their medical information, and business associates must report breaches they discover to the covered entity. When a patient's private medical information has been disclosed to an outside party, whether intentionally or by accident, the affected person must be notified without unreasonable delay, and in no case later than 60 days after the breach is discovered. The person can be notified by first-class mail, or by e-mail if he or she has agreed to electronic notice. When a breach affects 500 or more people in a state or jurisdiction, prominent media outlets serving that area must also be informed. The Department of Health and Human Services must be notified of breaches as well, and it posts a public list of breaches affecting 500 or more individuals on its website.

The penalties for a violation have also been increased, in tiers that depend on culpability. Where the violator did not know of the violation, the fine is $100 per violation, up to $25,000 a year for identical violations (previously the only tier). Where the violation was due to reasonable cause, it is $1,000 per violation, up to $100,000 a year. Where it was due to willful neglect that was corrected, it is $10,000 per violation, up to $250,000 a year, and where it was due to willful neglect that was not corrected, $50,000 per violation, up to $1.5 million a year.

HIPAA Compressed
Posted at July 29, 2009

HIPAA's rules fall under two basic sub-divisions, privacy and security. Under the Security Rule, all threats to the system must be identified in a risk analysis, along with the loopholes and vulnerable areas of the system. Proper measures to address those vulnerabilities must be devised, and the policies and procedures needed to achieve this must be implemented.

HIPAA does not restrict which computer or software you use for an electronic medical record (EMR); the rules are technology-neutral. But you must make sure that the data stored on your computer is safe and cannot easily be stolen, that the database containing patients' medical information is secured so that nobody can simply log on to it, that enough backups exist to restore the information if the hard drive crashes, and that the internal network holding the records is secured so that no outsider can get into it.

Organizations that store medical records on paper must make sure the storage area is safe, that the records cannot be lost to fire or theft, and that a system is in place to monitor the movements and activities of the people who can get into the storage area.

The penalty for violating a HIPAA rule was set by the 1996 act at $100 per person for each violation, up to $25,000 in a year (the 2009 HITECH Act has since raised these amounts). If the violation was due to reasonable cause rather than willful neglect, a 30-day period is allowed in which to correct the problem.

With electronic medical records, meeting most HIPAA requirements is not difficult. The server should be in a secure room that can be locked. Anyone who uses the system must hold the required authorization and permissions to access the database, and each access should be recorded. Backup copies of all data should be kept in a safe, separate location for use in an emergency. A person who specializes in computers and networking should be employed to maintain the database, the network and the computers.
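The technical safeguards named in the document-imaging post above (access control, audit and integrity controls) and the authorization and record-keeping points of this post are easiest to see in code. The following is an added example, not code from the original page or from any EMR product: a toy chart store that gives every user a unique identity, enforces role-based permissions, logs a user off automatically after a period of inactivity, and keeps a hash-chained audit trail so that an edited or deleted log entry is detectable. Names such as PhiStore and the role table are assumptions for the illustration, the chart contents are constructed sample data, and the clock is passed in explicitly so the timeout can be exercised without waiting.

```python
"""Toy model of HIPAA Security Rule technical safeguards: unique user IDs,
role-based access control, automatic logoff and a tamper-evident audit log.
Added example; PhiStore and ROLE_PERMISSIONS are assumed names, not a real API."""
import hashlib
import json
from dataclasses import dataclass

# Constructed role table: which actions each role may perform on a chart.
ROLE_PERMISSIONS = {
    "physician": {"read", "write"},
    "billing": {"read"},
    "front_desk": set(),        # schedules visits, never opens a chart
}


@dataclass
class Session:
    user_id: str
    role: str
    last_activity: float        # seconds; the caller supplies the clock


class PhiStore:
    """Holds patient charts and mediates every access through a session."""

    def __init__(self, idle_timeout=900):
        self.idle_timeout = idle_timeout   # automatic logoff after 15 idle minutes
        self._charts = {}                  # patient_id -> chart dict
        self._sessions = {}                # user_id -> Session (one per named user)
        self.audit_log = []                # append-only, each entry hashes the previous

    def _audit(self, user_id, patient_id, action, outcome, now):
        prev = self.audit_log[-1]["hash"] if self.audit_log else "0" * 64
        entry = {"ts": now, "user": user_id, "patient": patient_id,
                 "action": action, "outcome": outcome, "prev": prev}
        # Record who touched which chart and whether it was allowed, never the chart contents.
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.audit_log.append(entry)

    def login(self, user_id, role, now):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        self._sessions[user_id] = Session(user_id, role, now)
        self._audit(user_id, None, "login", "granted", now)

    def _authorize(self, user_id, patient_id, action, now):
        sess = self._sessions.get(user_id)
        if sess is None:
            self._audit(user_id, patient_id, action, "denied:no-session", now)
            raise PermissionError("not logged in")
        if now - sess.last_activity > self.idle_timeout:
            del self._sessions[user_id]          # automatic logoff
            self._audit(user_id, patient_id, action, "denied:auto-logoff", now)
            raise PermissionError("session expired, log in again")
        if action not in ROLE_PERMISSIONS[sess.role]:
            self._audit(user_id, patient_id, action, "denied:role", now)
            raise PermissionError(f"role {sess.role} may not {action}")
        sess.last_activity = now
        self._audit(user_id, patient_id, action, "granted", now)

    def put_chart(self, user_id, patient_id, chart, now):
        self._authorize(user_id, patient_id, "write", now)
        self._charts[patient_id] = dict(chart)

    def get_chart(self, user_id, patient_id, now):
        self._authorize(user_id, patient_id, "read", now)
        return dict(self._charts[patient_id])

    def verify_audit_chain(self):
        """Recompute every hash; any edited or deleted entry breaks the chain."""
        prev = "0" * 64
        for entry in self.audit_log:
            body = {k: v for k, v in entry.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if body["prev"] != prev or digest != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def demo():
    """Walk through the safeguards with constructed data; returns what happened."""
    store = PhiStore(idle_timeout=900)
    store.login("dr_lee", "physician", now=0)
    store.put_chart("dr_lee", "P-1001", {"dx": "constructed sample"}, now=10)
    store.login("clerk_a", "front_desk", now=20)
    outcomes = {}
    try:
        store.get_chart("clerk_a", "P-1001", now=30)      # role has no read permission
    except PermissionError as err:
        outcomes["clerk"] = str(err)
    try:
        store.get_chart("dr_lee", "P-1001", now=911)      # 901 s idle: auto-logoff
    except PermissionError as err:
        outcomes["timeout"] = str(err)
    outcomes["chain_ok"] = store.verify_audit_chain()
    store.audit_log[1]["patient"] = "P-9999"              # simulate tampering with the log
    outcomes["chain_after_tamper"] = store.verify_audit_chain()
    return outcomes


if __name__ == "__main__":
    print(demo())
```

Denials are logged as carefully as grants: a front-desk account repeatedly trying to open charts is exactly the pattern an audit review is meant to surface. Passing the time in explicitly is a testing convenience; a real system would read the clock, and would write the log to append-only storage rather than a list.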

Hipaa Introduction
Posted at July 27, 2009

In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA), and the Department of Health and Human Services issued the rules that implement it. Those rules are designed to safeguard the privacy of people's medical records. Under the act, personal information about a patient's medical background cannot be disclosed without a valid reason, which has brought about a sea change in how health care information is handled.

HIPAA's rules apply to a very broad spectrum of people. All health plans, health care providers, health care clearinghouses and billing companies are bound by the act. The organizations that fall under its stipulations are known as covered entities. Almost anyone associated with the field of health care is affected by its rules, including the people who use health care services.

Companies that offer medical transcription services, and their employees, are not covered entities under HIPAA; the act classifies them as business associates. It defines a business associate as "any person or organization that performs a function or activity on behalf of a Covered Entity, but is not part of the Covered Entity's workforce (employees, volunteers, trainees and others under the Covered Entity's direct control, regardless of whether they are paid by the Covered Entity)." State laws differ from one another and from the federal regulations, however, and some states might treat medical transcription companies as covered entities.

Business associates were not directly governed by HIPAA when the rules were first issued (the 2009 HITECH Act later applied the Security Rule to them directly). Every covered entity must sign a written business associate agreement with each of its business associates to ensure that patients' medical information is kept safe and secure; these clauses are part of the contract between the two. Business associates will find that the covered entities they serve are very strict about compliance with HIPAA. Every covered entity should devise its own methods of ensuring that its business associates do not flout the contract terms on disclosure of patients' medical information.

The HIPAA Privacy Rule was finalized in December 2000, and a period was allowed for implementation before compliance became mandatory in April 2003. HIPAA also requires standards for the electronic transmittal of documents; the prescribed standards are the ANSI ASC X12 transaction sets, which govern the content and format of medical information transferred electronically.

The main purpose of the act is to curtail the free distribution of patients' medical information. The rules cover information in any form, whether oral, on paper or electronic, and restrict disclosure of personal identifiers such as name, address, telephone number and social security number. Covered entities that do not follow HIPAA's rules face a penalty, which may include a fine, and criminal charges can be brought depending on the circumstances.

HIPAA products guide
Posted at July 24, 2009

HIPAA has led to sweeping changes in health care administration and information systems as health care organizations struggle to achieve cost-effective compliance by 2003. All health care entities that process health-related data are required to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and with the rules the U.S. Department of Health and Human Services (HHS) has issued under it.

The U.S. Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996. Title I of HIPAA safeguards health insurance coverage for workers and their families when they lose or change their jobs. Title II, the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans and employers. The AS provisions also address the security and privacy of health data. The purpose of these standards is to improve the efficiency and effectiveness of the nation's health care system by encouraging the wide use of electronic data transactions in health care.

HIPAA regulates the way health care organizations electronically exchange sensitive patient data and protects patients from unlawful disclosure of their medical records, whether paper or electronic. If personal information is stored on computer databases, tapes or disks, transmitted by fax or over the Internet, written down, or talked about, steps must be taken to protect the patient's privacy.

Today a number of HIPAA products and services are offered both online and offline: online HIPAA training, privacy manuals and template policies, security manuals and template policies, security products, disclosure tracking systems, compliance consulting services and so on. All of them are designed to guide you through the transition to HIPAA compliance and help you navigate the complex and tedious regulatory environment HIPAA created.

Online HIPAA training is a convenient way to learn about HIPAA, available whenever and wherever you have Internet access. Privacy manuals and template policies are workbooks that lead you through a careful assessment of your company's privacy compliance plan; security manuals and template policies do the same for the security compliance plan. Security products include network security scanning and automated online backup. Network security scanning (marketed as HIPAA e-probe) probes your Internet-connected systems for vulnerabilities before attackers find and exploit them. Automated online backup (e-backup) lets you control the configuration and operation of your organization's entire backup system from a single workstation, from which all backup and recovery tasks are monitored and administered. Disclosure tracking systems are software programs designed to meet the requirement that covered entities (health care providers, payers and clearinghouses) record the elements needed to satisfy a patient's right to an accounting of disclosures. Compliance consulting services include onsite consulting and business associate certification.

HIPAA Legislation Guide
Posted at July 24, 2009

The Health Insurance Portability and Accountability Act, or HIPAA, enacted by the US Congress in 1996, introduced sweeping changes in health care administration and information systems. HIPAA is a federal law that amends the Internal Revenue Code of 1986 and is intended to improve the portability and continuity of health insurance; combat waste, fraud and abuse in health insurance and health care delivery; promote the use of medical savings accounts and improve access to long-term care services and coverage; and simplify the administration of health insurance.

HIPAA standardizes the way health care organizations electronically exchange sensitive patient data and protects patients from unauthorized disclosure of their medical records, whether paper or electronic. Under HIPAA there are specific standards that all health care organizations must adhere to, set out in the Administrative Simplification title, which is also aimed at preventing health care fraud and abuse. Within this title there are several rules and proposed standards, including the Electronic Health Transactions Standards, the Privacy and Confidentiality Standards, Unique Health Identifiers, and the Security and Electronic Signature Standards.

These HIPAA laws and standards apply directly to three groups of health care entities: health plans, including public and private payers, health insurers, HMOs, Medicare, Medicaid and group health plans; health care clearinghouses, meaning any entity that converts non-standard health information into standard transactions, or vice versa; and health care providers that transmit health information electronically, receive individual health information, or electronically maintain health information used in electronic transmissions between entities.

Non-compliance with HIPAA regulations may disrupt an organization's day-to-day business processes, resulting in both tangible and intangible costs. The most serious implications of non-compliance for a health care organization are the inability to conduct electronic business effectively and the potential loss of significant segments of business. The government also imposes sanctions on those who fail to comply. The civil penalty for failure to comply with the regulations is $100 per violation per person, up to a maximum of $25,000 per year for violations of an identical requirement. The penalty for knowingly and wrongfully disclosing individually identifiable health information is up to $50,000 per violation, one year's imprisonment, or both, for a simple offense; up to $100,000 per violation, five years' imprisonment, or both, if the offense is committed under false pretenses; and up to $250,000, ten years' imprisonment, or both, if committed with intent to sell, transfer or use the information for commercial advantage, personal gain or malicious harm.

Thus the ultimate objective of HIPAA is to increase the efficiency and effectiveness of health information systems through improvements in electronic health care transactions while maintaining the security and privacy of individually identifiable health information, and in doing so to promote the modernization of health information systems. Becoming HIPAA-compliant is a challenging task because of the extensive cross-departmental compliance and training requirements, and it is an ongoing administrative, privacy and security challenge that must be constantly addressed.

HIPAA And Privacy Guide
Posted at July 24, 2009

HIPAA has led to sweeping changes in health care administration and information systems as health care organizations struggle to achieve cost-effective compliance by 2003. The US Congress enacted the Health Insurance Portability and Accountability Act, or HIPAA, in 1996. The act covers a wide array of issues surrounding the health insurance industry, but in particular it requires administrative simplification, which addresses the security and privacy of health information.

HIPAA standardizes the way health care organizations electronically exchange sensitive patient data and protects patients from unauthorized disclosure of their medical records, whether paper or electronic. It outlined standards to improve the nation's health care system by incorporating electronic data exchange between health care providers. The idea was to let various providers access a particular patient's records, so that when the patient visits a new hospital the attending doctor can see the patient's past record and provide better care. As one could envisage, this raised a great many concerns about the privacy and confidentiality of people's medical records, so the legislature created a fundamental list of rules and regulations with which health care providers must comply. Those rules gave birth to the industry known as HIPAA compliance.

To ensure HIPAA compliance, certain key provisions must be followed. Individuals must be able to access their records and request correction of errors, and must be told how their personal information will be used. Protected health information (PHI) cannot be used for marketing purposes without the patient's explicit authorization. Individuals can ask the covered entities that hold PHI about them to communicate with them confidentially, for example at an alternative address or telephone number. They must be able to file formal privacy complaints with the Department of Health and Human Services (HHS) Office for Civil Rights. Covered entities must document their privacy procedures, though they have discretion over what to include, and must designate a privacy officer and train their employees. A covered entity may use an individual's information without the individual's consent to provide treatment, to obtain payment for services, and to perform the non-treatment operational tasks of the provider's business. Among the agencies, bodies and individuals that can obtain a person's medical records under HIPAA's rules, each under specific conditions, are insurance companies, employers, courts, hospitals and individual physicians. This is often seen as a downside of the Privacy Rule, because the sponsors of a research study, the makers of the drugs under study and the researchers involved can also appear on this list.

However, the ultimate objective of HIPAA is to increase the efficiency and effectiveness of health information systems through improvements in electronic health care transactions as well as to maintain the security and privacy of individually identifiable health information.