Introduction to HIPAA


What is HIPAA?

The Department of Health and Human Services has developed a series of privacy regulations known collectively as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). These rules are designed to protect the privacy rights of individuals with regard to confidential medical records of them. The law greatly restricts the dissemination and transmittal of personal patient information and significant impact on how health is managed.

Each HIPAA regulations apply?

HIPPA regulations have been crafted to have broad application. The Act covers all health plans, health care providers who transmit health records electronically, health care clearinghouses and billing companies. The bill refers to these institutions as “Covered Entities”. Ultimately, however, almost everyone will be affected in any of these rules, which will affect both consumers and health care providers manner.

Are Medical Transcription Services and other 3rd party considered “Covered Entities”?

Most Medical Transcription Services and their employees are not considered “Covered Entities” under the Act unless their organization also engages in services that put them in the category of “Covered Entity”. Transcription services are usually considered by law as “Business Associates”. The law defines business associates as “any individual or organization that performs a function or activity on behalf of the Covered company, but is not part of the supplied labor unit (employees, volunteers, students and others under delivered direct control of the unit, regardless of whether they are paid processed Entity. “Be aware that state regulations may be different from the law and some states may define MT Services as Covered Entities.

business associates may not be directly controlled by the HIPAA regulations. However, they are controlled indirectly by the covered obliged to obtain written assurances from business associates they deal with to ensure that the patient identifying information is appropriately protected. These written insurance must be included in the written agreement between the Covered Entity and colleague.

Due strict requirements of the Act under contract, Business Associates can expect to Covered Entities to which they perform services will be vigilant in requiring proof of the Business Association of their partners. This will probably take different types of organization to organization. Companies covered by this part of HIPAA should plan to understand and implement their own action plans and monitoring systems to ensure that they meet the requirements of the Act.

When did HIPAA regulations take effect?

rules officially became effective on 14 April 2001. However, the Act provides for a period of time before completion been assigned. The effective date for small health care plans on 14 April 2004. All other covered entities had to be fully compatible on 14 April 2003.

Does the law apply to the transmission of Electronic Patient Information?

The law calls for standardization of electronic document transmission. The national standard has been prescribed by HIPAA for electronic medical records broadcasting is ANSI X12. This national standard regulates both the content and format of the patient information that are sent electronically between the two institutions.

What are other key provisions of the Act?

The primary focus of the law is to limit the spread of patient health information. The conditions under which information can be transferred are spelled out very clearly. If the law does not specifically allow for health information to be shared in a certain way or under certain circumstances, it is forbidden.

rules particularly relating to health information that is transmitted or maintained in form (oral, paper, electronic, etc.) and includes patient identifying information. Patient find information such as name, address, social security number, phone number, and any other information that could be used to identify an individual.

In order to be compliant, covered entities must take steps to ensure that patient information is protected in accordance with the provisions of the Act. Specifically :.

– Written notify the individuals telling them how information will be used and to whom it will be distributed (insurance and billing companies, or other health workers, for example)

– Written approval must be obtained from individual license for the use and maintenance of personal information as provided by law

-. Publication or use the information for any other purpose or any other organization that requires accurate. source person

-. every effort must be made under an agreement to reduce spreads patient information

– Health information can be transferred to Business Associates (“Business Associates” is a term usually Medical Transcription Service Providers and their staff) only after writing a guarantee is provided to ensure the protection of the information

-. Privacy officials shall be appointed by each covered entity to develop, implement and oversee privacy policy for covering organization. A main contact will also be designated to handle complaints and questions about the administration’s policies

-. All employees covered entities must get formal training to ensure they understand the requirements of privacy laws as they pertain specific obligations of

– .. Covered entities must establish adequate administrative, technical and physical safeguards to ensure that all privacy requirements are upheld within the organization

What are the penalties for non-compliance?

under contract not in accordance with the final regulation mandated compliance date deposits stiff penalties, including payment of a fine. In certain cases, criminal charges may be against the offending party.


Leave a Reply

Your email address will not be published. Required fields are marked *