HIPAA Federal Law
HIPAA is a federal law of 1996, the Health Insurance Portability and Accountability Act, also known as the "Portability" law. The primary goal of the Act was to help people maintain health insurance, protect the confidentiality and security of health care information, and help the health care industry control administrative costs.
HIPAA is divided into five titles or sections. Each title addresses a distinct aspect of health insurance reform. Title I, already in effect, covers mobility ("portability"). Portability allows people to carry their health insurance from one job to another so that they do not have a lapse in coverage. It also restricts health plans' use of pre-existing condition requirements for people who change from one health plan to another.
Title II is known as Administrative Simplification and will have an impact on providers. It is designed to:
∙ Combat fraud and abuse in health care;
∙ Ensure the security and privacy of medical information;
∙ Establish standards for information and medical transactions; and
∙ Reduce the cost of health care through the standardization of the way in which industry communicates the information.
The remaining titles are:
∙ Title III - tax-related health provisions
∙ Title IV - implementation of and compliance with the requirements of group health plans
∙ Title V - deductions from income
HIPAA requirements for providers
Providers are required to:
1. Ensure patients' privacy rights:
∙ Give patients clear explanations in writing of how the provider may use and disclose their health information;
∙ Ensure that patients may view and obtain copies of their records and request corrections;
∙ Make a history of non-routine disclosures accessible to patients;
∙ Obtain the consent of the patient prior to sharing their information for treatment, payment, and health care activities;
∙ Obtain the authorization of the patient for most non-routine disclosures and for purposes unrelated to health care; and
∙ Allow patients to request restrictions on uses and disclosures of their information.
2. Adopt privacy procedures in writing including:
∙ Who has access to the protected information,
∙ How it will be used within the agency, and
∙ When the information will be revealed.
3. Ensure that business partners protect the privacy of health information.
4. Train employees in the provider's privacy procedures.
5. Designate a privacy officer who is responsible for ensuring that safety procedures are followed.
Keeping up to date with HIPAA
On April 21, 2005, the HIPAA Security Rule came into effect. Any covered entity that handles PHI electronically (ePHI) should already have in place mechanisms that protect access to, use of and disclosure of patient information in electronic media.
Employees must be informed of security measures we can take to make appropriate use of the information system. Remember that the system itself is the PHI of our patients, is ours as an employee.
The Security Rule requires covered entities to adopt administrative, technical and physical safeguards to protect the confidentiality, integrity and availability of ePHI. Measures should be based on the size and complexity of the covered entity; for example, the strategies a doctor uses in a private office will not be the same as those a hospital puts into force.
Categories of security standards
Administrative - These are, in general, administrative functions such as policies and procedures that support the process of compliance with the standards. They include a set of measures that protect ePHI and guide the conduct of the workforce in relation to protecting the information. They imply that aspects such as the following are in force or have been addressed: risk analysis and management, security training, and a sanctions policy.
Physical - These consist of mechanisms to protect access to the places, equipment and systems in which electronic protected health information is kept. The protection ranges from environmental threats to access by unauthorized persons.
Technical - These are primarily automated processes to control access to, and prevent unauthorized use of, the information. They include user identification and access control mechanisms to verify that personnel using the information system are authorized to do so.