HIPAA
What Is HIPAA?
The United States Congress enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA) on August 21, 1996, as Public Law 104-191. The main purpose of this law is to allow for continuity of healthcare coverage. The law outlines limitations on preexisting condition exclusions and prevents discrimination against individuals based on their health status. The law also contains a section on administrative simplification that introduces new requirements for the electronic transmission of health information. The administrative simplification section may be of particular interest to medical transcriptionists who receive, send, and/or store patient health information files.
If you or your company are required to adhere to the HIPAA rules on privacy, confidentiality, and security, this quick checklist may be of benefit to you:
- Physical Security: Is physical access to your facility secured with ID cards, biometrics, onsite security forces, security procedures, etc.?
- Information Security: Is your transmitted data secured with 128-bit encryption, PKI, SSL, etc.?
- Desktop Access: Is access to your network limited by auto-logoff, ID/password protection, password-protected screensavers, a security-enabled OS (WinNT/2000/XP Pro, not Win95/98/ME), appropriate personnel classifications, etc.?
- Continuity: Is your operation prepared to continue in the event of an emergency with well distributed Emergency Response Procedures, Disaster Recovery Plan(s), and Business Continuity Plan(s), all based on a Business Impact Analysis?
- Human Resources: Is an employee educational training program in place to ensure the requisite HIPAA knowledge 'level of awareness'?
- Privacy: Do you enable patients to control their health records, including access, disclosures, the 'minimum necessary' standard, consent and authorization, etc.?
- Business Associates and Partners: Do you maintain up-to-date contractual agreements with all business parties AND do you audit their compliance?
- Auditing: Do you maintain on-site and off-site capability to retrieve pertinent records (including patient medical records with the disclosure/access trail) within the specified time-frames and will it be maintained for the requisite period?
- Documentation: Do you have all the necessary policies documented, and are they followed, enforced, taught to employees, etc.?
- Certification and Maintenance: Who is your certification entity, what was the certification procedure, what standards were applied, and is it periodically reviewed, updated, and maintained?
The links below are sites with HIPAA information that you may find useful.
General HIPAA Information
- HIPAA.ORG - General Information - Lots of information and links.
U.S. Government Sites
- DHHS - Administrative Simplification
- CMS - Centers for Medicare and Medicaid Services
Privacy and Security
- AFEHCT - American Association of Health Care Transactions
Professional Organizations
- AAMI - Association for the Advancement of Medical Instrumentation
- AHDI - Association for Healthcare Documentation Integrity
- ADA - American Dental Association
- AFEHCT - American Association of Health Care Transactions
- AHIMA - American Health Information Management Association
- AMIA - American Medical Informatics Association
- ANSI - American National Standards Institute
- ASTM - American Society for Testing & Materials
- HIMSS - Healthcare Information and Management Systems Society
- NCPDP - National Council for Prescription Drug Programs
- NUBC - National Uniform Billing Committee
- NUCC - National Uniform Claims Committee
- WEDI - Workgroup for Electronic Data Interchange
Please note that Medword cannot answer your questions on any aspect of HIPAA. Please direct your questions about HIPAA to a U.S. government agency or department.