HIPAA Compliance
What is HIPAA?
The U.S. Congress enacted the Health
Insurance Portability and Accountability Act (HIPAA) in 1996.
Title I of HIPAA protects health insurance coverage for workers and their families
when they lose or change their jobs. Title II of HIPAA, the
Administrative Simplification (AS) provisions, requires the
establishment of national standards for electronic health care
transactions and national identifiers for providers, health insurance
plans, and employers.
The AS provisions also address the security and
privacy of health data. The purpose of all these standards is to improve
the efficiency and effectiveness of the nation's health care system by
encouraging the widespread use of electronic data interchange in health
care.
Applying HIPAA Provisions - Certain key provisions
need to be followed for HIPAA compliance.
The AS provisions apply only to 'covered entities'. Covered
entities are those health care providers (e.g. doctors' offices and
hospitals) which engage in electronic transactions as per the HIPAA/EDI
rules, health plans (which include health insurance companies and
employer-sponsored 'group health plans'), and health care
clearinghouses.
By Chris Tolamalu
Individuals should be able to access
their records and request correction of errors. Also, they should be
informed about how their personal information will be used.
'Protected health information' (PHI) cannot be used for marketing
purposes without the explicit consent of
the patients in question. People should be able to ask the covered
entities that maintain PHI about them to ensure that
communications with them are confidential.
It should be possible for people to
file formal privacy-related complaints with the Department of Health and
Human Services (HHS) Office for Civil Rights. Covered entities should
document their privacy procedures; however, they have discretion on what
to include in their privacy procedure. Covered entities are required to
designate a privacy officer and train their employees. Covered entities
can use an individual's information without the individual's consent if
the purpose is to provide treatment, obtain payment for services, or
perform the non-treatment operational tasks of the provider's business.
About the Author:
Chris Tolamalu is interested in HIPAA compliance. See
http://www.hipaacompliancejournal.com for more information.