In an effort to improve the confidentiality and security of health care information, the federal government introduced HIPAA, the Health Insurance Portability and Accountability Act, in 1996. Since its inception, HIPAA has had a considerable impact on how sensitive patient information is handled in the healthcare industry. The importance of complying with HIPAA cannot be overemphasized, as failure to follow the regulations can lead to prison terms or hefty fines.
Under HIPAA, business associates as well as covered entities are obligated to guarantee the privacy of PHI, or Protected Health Information. Covered entities include health care providers such as physician practices and hospitals, as well as health plans and health plan clearinghouses. Business associates are companies that perform services for a covered entity and consequently need to maintain, transmit or receive PHI.
HIPAA has comprehensive requirements for any company or organization that holds PHI. They are also required to pay special attention to safeguarding the physical security of data, and access to PHI must be limited to key personnel only. Administrators have to stay mindful of potential threats and update security on a regular basis in order to identify possible dangers posed by data hacking and phishing scams.
Covered entities, on the other hand, must put a compliance program in place and make sure that relevant personnel are well aware of HIPAA requirements. They should evaluate security controls periodically and make sure that PHI is encrypted. Encrypted data cannot be read if it is stolen or lost.
Being HIPAA compliant is important, as it guarantees that the covered entity is well prepared in case of a HIPAA investigation or audit.
HIPAA has an audit program which randomly selects entities for an audit. The audits are performed by the OCR, the Office for Civil Rights in the Department of Health and Human Services. OCR is in charge of enforcing HIPAA's privacy and security regulations. The main purpose of an audit is to evaluate compliance with HIPAA's Security Rule and Privacy Rule, along with the Breach Notification Rule. This means that if there is a security breach involving Protected Health Information, the business associate or covered entity must notify the affected individuals of the incident.
An investigation may also be opened based on adverse findings from a random audit, or in response to a complaint filed against the covered entity. The law requires the covered entity to cooperate with the investigation; after all, the complaints are filed with OCR.