HIPAA Information
We are HIPAA compliant. All our software and hardware have a firewall and antivirus.
HIPAA Compliance PLAN
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates
standards for the way your organization sends data electronically, seeks protections
for the privacy and security of patient data, and establishes uniform healthcare
identifiers.
HIPAA is a series of federal regulations and it is important that you understand what is expected of you within the workplace under these new federal guidelines.
Overview of Privacy Rule
The Privacy Standard seeks to protect the privacy of information related to an individual's health, treatment, or healthcare payment. The Privacy Rule, which overlays the entire Administrative Simplification provision, has the following requirements:
• Inform people of how their information is used;
• Give people access to information about them;
• Require health plans and providers to maintain administrative and
physical safeguards;
• Allow health information to be used and shared for treatment and payment
of health care;
• Allow disclosures for national priorities;
• Require written authorization for use and disclosure for all other
purposes;
• Require NO disclosure except to individual (and HHS for investigation
for enforcement).
Overview of Security Rule
The new Security Standard will provide a uniform level of protection of all health information that is housed or transmitted electronically and that pertains to an individual.
There are four main security provisions included in HIPAA:
• Administrative Procedures (security practices)
• Physical Safeguards (protection from intrusion)
• Technical Safeguards (which provide security over data at rest and
in transit).
The Security Rule applies not only to the transactions adopted under, but also to all individual health information that is maintained or transmitted electronically. Since the Security Standard does not require specific technologies to be used, solutions will vary.
WHO DOES HIPAA APPLY TO?
Any organization that transmits or maintains protected health information either at their location or through a third party organization.
This includes:
1. Medical Providers
2. Health Plans
3. Clearinghouses
4. Employers
5. Public Health Authorities
6. Life Insurance
7. Billing Agencies
8. Information Systems
9. Service Organizations
10. Universities
WHAT INFORMATION IS PROTECTED?
Any health information that is individually identifiable to a patient is protected by the HIPAA privacy rule. This includes information in written, oral & electronic formats.
WHAT IS INVOLVED IN HIPAA COMPLIANCE?
Compliance with the HIPAA Administrative Simplification will require your organization to meet the following requirements:
1. Implement operation changes to ensure the security & confidentiality
of health information.
2. Development of policies & procedures to facilitate HIPAA requirements
by having a manual in the office.
3. Notify patients of their rights under HIPAA & your organization's legal
responsibilities.
4. Implement Administrative, Technical & Physical Safeguards to secure
electronic PHI
5. Transmit electronic transactions using HIPAA compliant formats (as adopted
by ANSI)
6. Obtain written assurances from vendors that they will safeguard health
information.
7. Train members of the work force on HIPAA & the organization’s
policies & procedures.
HIPAA PROVIDES PATIENTS WITH MORE RIGHTS
As provided by the HIPAA privacy rule patients may:
1. Request an accounting of disclosures made of their health record
2. Request amendments to their health information
3. Access & copy their health information.
4. Receive confidential communication about their health information
5. Restrict uses & disclosures of their health information.
6. Complain to your organization & to the Secretary of HHS
Privacy vs. Security
Privacy: Patients' right over the use and disclosure of Personal Health Information
(PHI).
• when shared
• how shared
• extent shared
Security: Measures health care entities must take to protect access to Personal
Health Information (PHI).
• prevent unauthorized breaches of privacy
• ensure against loss of PHI
Major Components of Effective Privacy Policies
These principles are also appropriate for organizations.
1. Openness. There should be a general practice of openness about practices
and policies with respect to personal information. Means should be available
to establish the existence and nature of personal information and the main
purposes of its use.
2. Purpose Specification. The purpose for collecting personal information
should be specified at the time of collection. Further uses should be limited
to those purposes.
3. Collection Limitation. The collection of personal information should be
obtained by lawful and fair means and with the knowledge and consent of the
subject. Only that information necessary for the stated purpose should be
collected, nothing more.
4. Use Limitation. Personal information should not be disclosed for secondary
purposes without the consent of the subject or by authority of law.
5. Individual Participation. Individuals should be allowed to inspect and
correct their personal information. Whenever possible, personal information
should be collected directly from the individual.
Helpful HIPAA Hints – Privacy
Covered entities could use & disclose protected health information without individual authorization for:
• Oversight of the health care system, including QA;
• Public health, and in emergencies;
• Treatment, payment or operations;
• Judicial and administrative proceedings;
• Law enforcement;
• To provide information to next-of-kin;
• For identification of the body of a deceased person;
• For facilities’ (hospitals, etc.) directories;
• To financial institutions, for processing payments for health care; and
• In other situations where use or disclosure is mandated by other law,
consistent with the requirements of the other law.
Helpful HIPAA Hints - Security
Security & Electronic Signatures Mandates requirements in five broad areas:
Administrative Requirements:
Make sure you are following your organization’s procedural policies
for the monitoring and administering of access to health information.
Physical Security Requirements:
Make sure that you help to maintain the security within restricted access
areas of your organization by reporting any unauthorized access or suspicious
activity.
Technical Security Services:
Keep your username and password confidential and make sure that you do not
leave a computer terminal unattended.
Technical Security Mechanisms:
These mechanisms include the use of antivirus software and encryption of health
information. To find out what mechanisms are employed by your organization,
see your system administrator or review your organization's security policies.
We send all claims in ANSI 4010 or 837P format direct to Medicare, Blue Cross,
& Preferred Health Professionals and to the clearinghouse.
We have all the HIPAA forms that you need to run your doctor's office, plus we can do the manual that you need in your office. We have software that is HIPAA compliant and has the HIPAA form built into the software. It also has the ANSI 4010 program built into the software.