HIPAA


By utilizing our managed IT services, your practice will be able to meet current laws and regulations. HIPAA is a critical government regulation, yet many practices ignore it. Not only can neglecting compliance leave your practice vulnerable to patient data loss, but non-compliance can also cost millions in fees. Here at Microtime, we make sure your practice is current with HIPAA regulations, giving both your practice and your patients peace of mind knowing data is secure.

HIPAA

(Health Insurance Portability and Accountability Act)

The privacy rule is designed to protect patients’ medical information that is handled electronically. It requires that the health care provider implement certain “adequate” safeguards to protect medical records and patient information from illegal, improper, or any other use conducted without patient authorization.

The rule regulates the use of “PHI”, or protected health information, by “covered entities”, which include health care clearinghouses, employer-sponsored health plans, health insurers, and medical service providers that engage in electronic transactions. The definition of covered entities has recently been expanded to include independent contractors of said covered entities who can be defined as business associates. PHI is any information held by the covered entities that pertains to a patient’s medical records or their payment history or information. This information can only be disclosed either upon request of the patient or to law enforcement agencies in cases of suspected child abuse or other instances as required by law. When an entity does disclose a patient’s PHI, it must make every effort to disclose only the minimum amount of information that is required to complete the task.

The privacy rule also gives a patient the right to request that any inaccurate information be corrected. The covered entity must take reasonable steps to ensure the confidentiality of any communication with a patient. Furthermore, the rule requires that covered entities inform patients of any use of their PHI and track the disclosure of said information. Any covered entity must appoint a Privacy Official or contact person who is responsible for receiving any complaints and for training other employees in the use of PHI. Additionally, individuals have the right to file a complaint about any breach of the provisions set by this rule to the HHS Office of Civil Rights.

The HIPAA Privacy Rule establishes a minimum set of procedures that must be implemented to protect individuals’ PHI, including but not limited to:

  • Ensuring the confidentiality, integrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits.
  • Protecting against any reasonably anticipated threats or hazards to the security or integrity of such information.
  • Protecting against any reasonably anticipated uses or disclosures of such information that are not permitted or required by law.
  • Ensuring compliance with these procedures by its workforce.

In addition:

(1) Covered entities and business associates may use any security measures that allow the covered entity or business associate to reasonably and appropriately implement the standards and implementation specifications required by this rule.

(2) In deciding which security measures to use, a covered entity or business associate must take into account the following factors:

i. The size, complexity, and capabilities of the covered entity or business associate.

ii. The covered entity’s or the business associate’s technical infrastructure, hardware, and software security capabilities.

iii. The costs of security measures.

iv. The probability and criticality of potential risks to electronic protected health information.

For more information on the regulation and how it could affect your business, visit: http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html

For additional information on the newest modifications to the privacy rule under the HITECH act, visit:

http://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf and skip to page 6.