HIPAA ResourcesWHAT IS HIPAA? The Health Insurance Portability & Accountability Act of 1996 (August 21), Public Law 104-191, which amends the Internal Revenue Service Code of 1986. Also known as the Kennedy-Kassebaum Act. Title II includes a section, Administrative Simplification, requiring: Protection of confidentiality and security of health data through setting and enforcing standards. More specifically, HIPAA calls for: Security standards protecting the confidentiality and integrity of individually identifiable health information, past, present or future. The bottom line: sweeping changes in most healthcare transaction and administrative information systems. WHO IS AFFECTED? All health care providers, even 1-physician offices; health plans; employers; public health authorities; life insurers; clearinghouse; billing agencies; information systems vendors; service organizations; and universities. ARE THERE PENALTIES? HIPAA calls for severe civil and criminal penalties for noncompliance, including: -- fines up to $25K for multiple violations of the same standard in a calendar year -- fines up to $250K and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information COMPLIANCE DEADLINES? Most entities have 24 months from the effective date of the final rules to achieve compliance. Normally, the effective date is 60 days after a rule is published. The Transactions Rule was published on August 17, 2000. So the compliance date for that rule is October 16, 2002. The Privacy Rule was published on December 28, 2000, but due to minor glitch didn’t become effective until April 14, 2001. Compliance is required for the Privacy Rule on April 14, 2003. WHO MUST COMPLY WITH HIPAA? Any organization that electronically stores or transmits individually identified healthcare information must comply with the Security regulation. So, if the organization files a claim electronically, or electronically stores any healthcare info that can be tracked back to an individual, they must comply with the appropriate HIPAA regulation. SINCE THE REGULATIONS REFER TO ELECTRONIC COMMUNICATIONS, WHAT MEDIA FALLS INTO THAT CATEGORY? HIPAA applies to all communication that is stored or transmitted electronically, or that has been stored or transmitted electronically in the past. Media includes, but is not limited to, computer databases, tapes, disks, telecommunications, FAX, Internet, networks. HIPAA Security Requirements The basic rule established by HIPAA is that covered entities may not use or disclose individually identifiable health information unless authorized by the individual or permitted under the regulations. The HIPAA health information security standard requires entities that engage in electronic maintenance or transmission of health information to: (1) assess their own security needs and risks, and (2) devise, implement, and maintain appropriate security to address their business requirements. The steps, which are to be documented and maintained regularly, are: * Administrative procedures * Physical safeguards * Technical security services * Technical security mechanisms PAMAR SYSTEMS, HIPAA, AND YOU Company officials will review the recently released HIPAA guidelines to evaluate the potential impact on its customers operations, and work with them to minimize any disruption caused by these new government rules. Here are a few links for additional information :
|
|||||||||||||||||
| HOME | PRODUCTS | ABOUT US | FORUM | DOWNLOADS | NEWS | CAREER | | CONTACT US | LINKS | |
PAMAR
SYSTEMS, INCORPORATED
• VANCOUVER, WA 98660 •
360 992-4120 • 800 727-2627 • Email