Article on HIPAA Compliance
Compliance with the Health Insurance Portability and Accountability Act (HIPAA) is a core requirement for the stakeholders involved in health information.
HIPAA prescribes standards for protecting critical data relating to patients. Electronic Health Records (EHRs) are important documents that contain sensitive patient data, and are thus considered Protected Health Information (PHI). Since this data is accessible to a number of players involved in the field of healthcare, it is extremely important to set regulatory guidelines aimed at ensuring that patient information remains protected. HIPAA compliance is essentially about staying in compliance with these guidelines.
Measures needed to show compliance with HIPAA
HIPAA requires a healthcare organization dealing with PHI to implement all of the following measures and comply with them:
- Physical measures
- Network measures, and
- Process security measures
The role of HIPAA Privacy Rule and HIPAA Security Rule
HIPAA has set out two important rules that pertain to compliance. These are the HIPAA Privacy Rule and the HIPAA Security Rule. While the Privacy Rule relates to how the medical information of a patient is saved, accessed and shared, the Security Rule is about how to implement national security safeguards for protecting electronic PHI, or ePHI.
Who needs to be HIPAA compliant?
- Covered Entities (CE): Anyone involved in the treatment, payment and operations in healthcare
- Business Associates (BA): Any person who has access to patient information and is involved in supporting treatment, payment or operations. These include third-party administrators and private sector vendors
- Those with whom BAs work, who are called subcontractors
- Hosting providers. These typically include healthcare software providers (Software-as-a-Service, or SaaS), healthcare providers, plus other healthcare employers
- Any covered healthcare provider that carries out transactions in electronic form, such as individual medical practitioners, clinics, hospitals, and regional health services
- Healthcare clearinghouses
- Health plans
This link (http://bit.ly/Online-training-HIPAA-HITECH) has more on this topic for your reference.