While an article containing general information about the basics of HIPAA compliance might seem simplistic, it is incredible how many professionals, especially business associates, don’t have a basic working knowledge of compliance. Along with this lack of general knowledge, many, including some covered entities and their business associates, are in the dark about why the HIPAA privacy rules might apply to them. In turn, this lack of information puts them at risk for HIPAA breaches, which often result in steep penalties. For example, the most recent HIPAA breach in 2004 saddled New York Presbyterian Hospital and Columbia University with a $4.8M lawsuit settlement.
In a nutshell, the Health Insurance Portability and Accountability Act (“HIPAA”) was passed into law in 1996. In part, HIPAA sets forth policies, procedures, and guidelines for protecting the privacy and security of individually identifiable health information, which must be adhered to by certain Covered Entities and their Business Associates. More recently, in 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act was passed, which helped to enforce the HIPAA requirements by raising penalties for non-compliance. The HITECH Act was born in response to the increased use of technology in the general marketplace.
The Centers for Medicare and Medicaid Services (CMS) is the chief authority and enforcer of the HIPAA Security Standards and the Department of Health and Human Services also provides guidance. All covered entities and their business associates who have access to protected health information (PHI) are required to adhere to a set of rules governing how they access, store, and transmit this sensitive patient information. The Office of Civil Rights (OCR) also conducts multiple-stage audits to ensure that organizations and business associates are in compliance.
There are various administrative, physical and technical safeguards that covered entities and business associates must put into place in order to ensure that PHI is kept safe and any vulnerability is promptly uncovered and fixed.
The goal of HIPAAtrek’s unique cloud-based software is to help simplify and guide you through the entire complex compliance process and to help ensure that your policies and procedures are strong and secure from threats. To learn more about our approach and how we can help you protect your company, contact us at email@example.com.
For additional information on all of HIPAA’s specific requirements, please see HHS.