What Is HIPAA Compliance?
HIPAA is the abbreviation for the Health Insurance Portability and Accountability Act, which sets a governmental standard to protect sensitive patient data in all medical facilities and offices. Any company that deals with patient information and protected health information (PHI) must ensure that all the required physical, network and process security measures are carefully put in place and followed.
Who Needs To Be HIPAA Compliant?
The HIPAA Security Rule applies to all health plans, healthcare clearinghouses, and any healthcare provider who transmits protected health information (PHI) in electronic form (electronic protected health information, or ePHI). According to the U.S. Department of Health and Human Services, those that fall into this category are referred to as Covered Entities (CEs).
The following is a more specific list of who needs to be HIPAA compliant:
- Covered healthcare providers (hospitals, clinics, regional health services, individual medical practitioners) that carry out transactions in electronic form
- Healthcare clearinghouses
- Health plans (including insurers, HMOs, Medicaid, Medicare prescription drug card sponsors, flexible spending accounts, and public health authorities, in addition to employers, schools or universities that collect, store or transmit ePHI, or electronic protected health information, to enroll employees or students in health plans)
- Their business associates (including private sector vendors and third-party administrators)
Steps to Be in Compliance
1. SURVEY / AUDIT
The United States Health Insurance Portability and Accountability Act (HIPAA) Security Rule consists of a series of administrative, technical, and physical security safeguards. Every organization in the United States must follow these rules in order to ensure that electronic protected health information remains confidential. To verify that these safeguards are in place, there is a form with over 490 questions that need to be answered. These questions cover the areas of administrative, technical, and physical security.
The HIPAA Security Rule consists of safeguards in the areas of Administrative, Physical, and Technical. Each set of safeguards consists of a number of standards, and each standard includes a number of implementation specifications that can be either required or addressable.
- If an implementation specification is required, the entity must implement policies and procedures that meet the specified standard.
- If an implementation specification is addressable, the entity must assess whether it is an appropriate and reasonable safeguard in its environment.
The Future of Health Care
The U.S. Government has mandated that healthcare practices reform the way they use information technology.
Part of the American Recovery and Reinvestment Act of 2009 is a section called the Health Information Technology for Economic and Clinical Health Act (HITECH). It ensures that more will be done to incorporate IT into the healthcare field by requiring health service providers to meet U.S. Government-mandated checkpoints with regard to their implementation of applicable technologies.
Quest Technologies can provide all the relevant information that your organization needs to begin learning the best practices for utilizing IT to cut costs, reduce downtime, and offer the most efficient care possible.
Your practice’s conversion to Electronic Health/Medical Records requires secure data storage capabilities.
In the very near future all medical records will be stored digitally. Moving from an archaic file folder system to an EHR/EMR requires a well-maintained network infrastructure, security, and backup solutions. We can help you establish HIPAA- and HITECH-compliant solutions while maintaining your technology to keep it running smoothly, so you can focus on your patients.
Quest Technologies is here to guide your practice through the process of utilizing applicable IT resources to seamlessly meet the challenges that your practice faces.
HIPAA Fines and Penalties
Penalties for non-compliance could reach millions of dollars per year.
These penalties can apply to your organization and, in some cases, to specific individuals, including jail time.