Monday, December 22, 2008

HIPAA Compliance

In this article, I will address HIPAA as it relates to the software and tools used by clinicians to manage their practice. Congress has put a set of rules under the HIPAA law; we will explain what this law is about and how it applies to medical software.

What is HIPAA?

The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addressed the security and privacy of health data. As the industry adopts these standards, the efficiency and effectiveness of the nation's health care system will improve through the use of electronic data interchange.

The entities covered by the HIPAA law are:

  • Health Plans

  • Health Care Providers who use certain electronic transactions

  • Health Care Clearinghouses

The HIPAA provisions are summarized as:
  • Transaction Standards and Code Sets
  • Privacy
  • Security
  • National Standard Identifiers for the Provider, Employer, Health Plan and Individual

HIPAA in Practical terms

Administrative Simplification is a method of making medical practice (the billing, claims, computer systems and communication) uniform so that providers and payers can interact with each other through each other's proprietary systems. The changes will affect such activities as:
  • Enrolling an individual in a health plan

  • Paying health insurance premiums

  • Checking eligibility

  • Obtaining authorization to refer a patient to a specialist

  • Processing claims

  • Notifying a provider about the payment of a claim

HIPAA Privacy Rights and Security

HIPAA contains a provision related to Electronic Data Transactions that standardizes the exchange of data between trading partners. These transactions are mandated to be in the ANSI ASC X12 version 4010 format.
In addition to the transactions, the software industry has introduced Electronic Medical Records. To guarantee privacy rights and secure access to the medical records, HIPAA provided guidelines to protect the patient's privacy.

Privacy rights

The HIPAA regulations establish standards for protecting individually identifiable health information and for guaranteeing the rights of individuals to have more control over such information. Here is the summary of these regulations:

1- Right to ask for and see a copy of your records

2- Have corrections made to your records

3- Receive a notice that your information will be shared

4- Decide whether to accept that your information can be shared

5- Get a report of when and why your record is shared

6- Ask that your information not be shared

7- File a complaint


The HIPAA regulations have established standards for all health plans, clearinghouses, and storage of health care information to ensure the integrity, confidentiality, and availability of electronic protected health information.
The Security Rule covers only protected health information that is in electronic form. We can summarize the security standard into the following requirements.

- Administrative Safeguard
These are administrative functions that should be implemented to meet the security standards. These include assignment or delegation of security responsibility to an individual and security training requirements.

More details on Administrative Safeguard Reference

- Physical Safeguard
These are the mechanisms required to protect electronic systems, equipment and the data they hold, from threats, environmental hazards and unauthorized intrusion.

More details on Physical Safeguard and recovery

- Technical Safeguard
These are primarily the automated processes used to protect data and control access to data. They include using authentication controls to verify that the person signing onto a computer is authorized to access it.

More details on Technical Safeguard: who has access to what information?
