HIPAA Simplified

MedAbiliti

January 9, 2003

HIPAA, the Health Insurance Portability and Accountability Act (1996) [ http://www.cms.hhs.gov/hipaa/ ], is a vast set of government regulations and standards. Those involved with information systems need to focus on the Administrative Simplification [ http://www.cms.hhs.gov/hipaa/hipaa2/default.asp ] provisions of the Act. Administrative Simplification calls for standardization of transactions between providers and payers. At the same time, it requires that the sharing of electronic information be done securely and privately. HIPAA regulations fall under the oversight of the United States Department of Health and Human Services (DHHS). Here is a brief overview of the three areas of the Administrative Simplification provisions of the Act:

Transactions: These transactions are typically between health care providers and payers. DHHS mandates standards for transaction codes and identifiers designed to speed up the interchange of information between entities, using the Electronic Data Interchange (EDI) standards of the standards development organization X12. In addition to speeding up the interchange of information, this is also designed to save costs in the long run, although some parties may see costs rise in the short term as operations are brought into compliance and new systems replace old. This is the most technically involved aspect of HIPAA.

Privacy: The HIPAA Privacy Rule describes how patient information must be handled in the health care system. The patient is to be brought closer to the process, and the health care organization is to clearly specify what roles are to handle what patient information. This rule is applicable to all health care providers and health plans that engage in electronic transactions. An entity that is covered under the Privacy Rule must handle all information, paper-based as well as electronic, in accord with the rule. Authorization is required from the patient in most cases before individually identifiable health information is used or disclosed for other than routine purposes. Patients gain rights under this rule to access their own record, amend the record, and see an accounting of what disclosures have been made. Health care entities must follow a number of verifiable steps within their organizations, such as designating a privacy officer and training their staff on privacy policies.

Security: The Security Rule applies to each health care entity engaged in electronic maintenance or transmission of health information. Even a one-physician office that has no electronic transactions, and thus avoids the Transactions rule of HIPAA, must conform to the Security Rule when dealing with any individually identifiable health information. Within an organization, a security officer must be designated, and security policies must be implemented and documented. This applies both to how people handle medical data and to how systems process the information people give them.

How MedAbiliti Can Help: To become compliant with HIPAA, any transactions being sent electronically must be made compliant with the EDI standards. In addition, an audit of existing organizational policies must be conducted to see where privacy and security practices may be lax. Then the organization must be educated on the regulations and its own policies, those policies must be implemented, and a final audit of the organization must be done to ensure proper compliance has taken place. HIPAA is not just a goal to be reached, but a way to operate your business over time. MedAbiliti can provide the software, the system audit, and the training needed to ensure your organization is meeting the HIPAA requirements. Please contact us at info@medabiliti.com for more information.

About MedAbiliti

MedAbiliti designs, develops, and deploys information solutions for the health care industry. MedAbiliti's approach to development applies international quality assurance methods to application access, data analysis, and process efficiency. MedAbiliti's commitment to structured software methodology, software engineering practices, quality standards for data deployment and access, confidentiality and security of sensitive data, and customer-client management positions it as an emerging industry leader in medical software design and implementation.