  • What is HIPAA?

    The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) establish a set of standards to protect health information. The U.S. Department of Health and Human Services (HHS) issued the Privacy Rule to implement the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). HIPAA provides guidelines for organisations on the secure handling of protected health information.


  • Need for HIPAA

    The main aim of HIPAA is to protect an individual's health information during its transmission by a covered entity or its business associate, in any form, whether electronic, paper or oral. The Privacy Rule calls this information Protected Health Information (PHI). If a system handles billing as well as client tracking, it must support the HIPAA standards. Beyond this, automation, secure transactions and privacy are expected to result in administrative efficiency.


    E-billing faces serious threats from hackers. HIPAA applies to any organization that transmits electronic billing information, such as invoices or the data needed to look up a patient's insurance, to any health insurance company, including Medicare or Medicaid. This means that HIPAA typically regulates organizations providing counseling, therapy or other services that bill insurance companies.


  • HIPAA in Risk Management

    The 2009 American Recovery and Reinvestment Act (ARRA) includes a section called the Health Information Technology for Economic and Clinical Health (HITECH) Act. The HITECH Act promotes the adoption of electronic health records (EHRs) to improve efficiency and lower healthcare costs. Because EHRs increase privacy and security risks, the HITECH Act introduced new security and privacy requirements for business associates under HIPAA.


    The fines for non-compliance with the HIPAA privacy rule have increased significantly with the introduction of the HITECH Act. An organization can now be fined up to $1,500,000 per calendar year for each violation.


  • HIPAA in IT

    The security standards apply to protecting electronically stored or transmitted information from corruption by viruses, theft by hackers, or the sending of PHI over unsecured channels. The security standards are not intended to address how paper information is stored. They mandate safeguards covering the maintenance and protection of physical storage and access to individual health information.


    Access to equipment that holds such information should be carefully controlled and monitored. Permission to access hardware and software must be limited to authorized individuals. Access controls must include security plans, maintenance records, and visitor sign-in and escort procedures. Workstations should be kept out of high-traffic areas, and monitor screens should not be in direct view of the public. If covered entities use contractors or agents, they too must be fully trained on their physical access responsibilities. Automated security updates are another measure that can help limit the scope of security threats.


  • How to follow HIPAA?

    IT organisations must follow the HIPAA guidelines listed below in order to protect health information from unauthorised use:

    • Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.
    • Implement hardware, software, and procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
    • Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.
    • Implement procedures to verify that a person or entity seeking access to electronic protected health information is the person or entity it claims to be.
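    Added example, not from the original page: a small Python module showing how the four safeguards listed above (access control, audit controls, integrity protection, and person/entity authentication) can be implemented together for a store of electronic PHI. The role model, user names, passwords, patient record and keys are all constructed for the demonstration, and the tamper-evident audit log and per-record MAC are ordinary HMAC constructions rather than anything HIPAA itself prescribes.

```python
import hashlib
import hmac
import json
import secrets

# Constructed keys for this example; a real deployment would load them from a key store.
INTEGRITY_KEY, AUDIT_KEY = b"example-record-integrity-key", b"example-audit-chain-key"

def _pbkdf2(password, salt):  # salted, deliberately slow hash for stored credentials
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

class PHIStore:
    PERMISSIONS = {"clinician": {"read", "write"}, "billing": {"read"}}  # assumed role model
    def __init__(self, users):
        self._users = {}      # username -> (salt, pbkdf2_hash, role); plaintext is never kept
        for name, (password, role) in users.items():
            salt = secrets.token_bytes(16)
            self._users[name] = (salt, _pbkdf2(password, salt), role)
        self._sessions = {}   # token -> username
        self._records = {}    # patient_id -> (record_json_bytes, mac)
        self.audit_log = []   # [(entry, digest)], each digest chained to the previous one
        self._chain_tip = b"\x00" * 32

    # Person/entity authentication (bullet 4): constant-time comparison, every attempt audited.
    def login(self, username, password):
        user = self._users.get(username)
        if user is None or not hmac.compare_digest(_pbkdf2(password, user[0]), user[1]):
            self._audit(username, "login", None, "denied")
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        self._audit(username, "login", None, "ok")
        return token

    # Audit controls (bullet 2): each entry's HMAC also covers the previous entry's HMAC.
    def _audit(self, actor, action, patient_id, outcome):
        entry = {"seq": len(self.audit_log), "actor": actor, "action": action, "patient": patient_id, "outcome": outcome}
        body = json.dumps(entry, sort_keys=True).encode()
        self._chain_tip = hmac.new(AUDIT_KEY, self._chain_tip + body, "sha256").digest()
        self.audit_log.append((entry, self._chain_tip))

    def verify_audit_log(self):
        # Recompute the chain from the start; an edited, deleted or reordered entry breaks it.
        tip = b"\x00" * 32
        for entry, digest in self.audit_log:
            tip = hmac.new(AUDIT_KEY, tip + json.dumps(entry, sort_keys=True).encode(), "sha256").digest()
            if not hmac.compare_digest(tip, digest):
                return False
        return True

    # Access control (bullet 1): a valid session plus a role that permits the action.
    def _authorize(self, token, action, patient_id):
        actor = self._sessions.get(token)
        role = self._users[actor][2] if actor else None
        if action not in self.PERMISSIONS.get(role, set()):
            self._audit(actor or "unknown", action, patient_id, "denied")
            raise PermissionError(f"{action} on {patient_id} not permitted")
        return actor

    # Integrity (bullet 3): MAC over patient id + record, verified on every read.
    def write_record(self, token, patient_id, record):
        actor = self._authorize(token, "write", patient_id)
        body = json.dumps(record, sort_keys=True).encode()
        mac = hmac.new(INTEGRITY_KEY, patient_id.encode() + body, "sha256").digest()
        self._records[patient_id] = (body, mac)
        self._audit(actor, "write", patient_id, "ok")

    def read_record(self, token, patient_id):
        actor = self._authorize(token, "read", patient_id)
        body, mac = self._records[patient_id]
        expected = hmac.new(INTEGRITY_KEY, patient_id.encode() + body, "sha256").digest()
        if not hmac.compare_digest(expected, mac):
            self._audit(actor, "read", patient_id, "integrity-failure")
            raise ValueError(f"record {patient_id} failed integrity check")
        self._audit(actor, "read", patient_id, "ok")
        return json.loads(body)

def _attempt(fn):  # run fn and report "ok" or the exception class name
    try:
        fn()
        return "ok"
    except (PermissionError, ValueError) as exc:
        return type(exc).__name__

def demo():
    # Constructed walk-through: the users, PHI and tampering below are all made up.
    store = PHIStore({"dr_lee": ("correct horse battery", "clinician"), "billing1": ("invoice-only", "billing")})
    out = {"bad_login": store.login("dr_lee", "wrong") is None}
    doc, bill = store.login("dr_lee", "correct horse battery"), store.login("billing1", "invoice-only")
    store.write_record(doc, "P-1001", {"dx": "J45.9", "plan": "inhaler"})
    out["billing_write"] = _attempt(lambda: store.write_record(bill, "P-1001", {"dx": "X"}))
    body, mac = store._records["P-1001"]  # simulate an out-of-band edit of the stored PHI
    store._records["P-1001"] = (body.replace(b"J45.9", b"J45.0"), mac)
    out["tampered_read"] = _attempt(lambda: store.read_record(doc, "P-1001"))
    out["audit_ok"] = store.verify_audit_log()
    entry, digest = store.audit_log[0]   # try to rewrite the failed login as a success
    store.audit_log[0] = ({**entry, "outcome": "ok"}, digest)
    out["audit_after_edit"] = store.verify_audit_log()
    return out
```

    Calling `demo()` walks through a failed login being recorded as denied, the billing role being refused a write, a record whose stored bytes were altered being rejected on read, and the audit chain failing verification once an entry is rewritten. A production system would also have to cover what this example leaves out: encryption of PHI at rest and in transit, session expiry, key management, and writing the audit log to storage that the application itself cannot rewrite.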