What in the world is HIPAA Compliance? HIPAA stands for the Health Insurance Portability and Accountability Act. It sets the standard for protecting sensitive patient data. Companies that work with protected health information (PHI) must ensure that all the required physical, network, and process security procedures are in place and followed completely. The main reason HIPAA exists is right in its name, Health Insurance Portability and Accountability Act: to make it a lot easier for people to keep their health insurance, and to protect the confidentiality and security of healthcare information. It also helps the entire healthcare industry control administrative costs. The easiest way to stay compliant is through the purchase of HIPAA compliance software.
In 1996 Congress enacted HIPAA in response to a couple of issues facing health care in the United States: coverage portability, privacy, security, and fraud. The U.S. Department of Health and Human Services Office for Civil Rights is tasked with enforcing HIPAA's Privacy and Security Rules. People who have access to protected health information should be aware that a State law concerning HIPAA guidelines might be stricter than the Federal HIPAA law.
Who regulates the Health Insurance Portability and Accountability Act? The HIPAA Privacy and Security Rules are enforced by the OCR, or Office for Civil Rights. When a person feels that a covered entity or business associate has infringed their health information privacy rights or committed another violation of the Privacy, Security, or Breach Notification Rules, that person may file a health information privacy and security complaint with the Office for Civil Rights. The OCR will carefully review all health information privacy and security complaints. There are two conditions under the law for OCR to take action. The first is that the person filed the complaint within 180 days of the violation. The second is that a covered entity or business associate violated the person's rights. If during an investigation the OCR determines that the entity or business associate may not have complied with the HIPAA Rules, that entity or business associate must take corrective action, voluntarily comply with the HIPAA Rules, and agree to a settlement. Sometimes the covered entity or business associate does not take responsible action to resolve the matter. When this happens, OCR might decide to impose civil money penalties on the covered entity. If civil money penalties are imposed, the covered entity may request a hearing in which an HHS administrative law judge decides whether the fines are supported by the evidence in the specific case.
The top kinds of HIPAA violations are due to lost or stolen devices, hacking, improper disposal, third-party disclosures, employee dishonesty, unauthorized release of PHI, lack of training, unsecured records, and people with big mouths.
People and organizations who seek compliance with HIPAA should consider: risk analysis, risk management, a sanction policy, information systems activity reviews, employee oversight, designated security and privacy officers, arrangements covering multiple organizations, ePHI access controls, security reminders, protection against malware, login monitoring, password management, incident response and reporting, contingency plans, contingency plan updates and analysis, emergency mode operation, periodic evaluations, and business associate agreements.