Why a HIPAA Compliance Plan Is Important


To understand why a compliance plan matters, it helps to know the main reasons the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted.

The main purposes of HIPAA are as follows:

  • To make health insurance portable, so that individuals and their families keep coverage when they change or lose employment;
  • To standardize electronic health care transactions, including claims and payments;
  • To establish national standards to protect individually identifiable health information, also called protected health information (PHI); and
  • To prevent health care fraud by establishing a national fraud and abuse control program.

For health care providers, health plans and health care clearinghouses (covered entities) that conduct certain transactions electronically, and that must therefore comply with the HIPAA Rules, the first step is securing PHI.

This is accomplished by establishing a compliance plan with policies and procedures that satisfy the following Rules, collectively referred to as the “HIPAA Rules”, which were issued under HIPAA:

  • The Privacy Rule
  • The Security Rule
  • The Enforcement Rule
  • The Final Omnibus Rule

The Office for Civil Rights (OCR), the division of the Department of Health and Human Services that oversees HIPAA, has made it clear that all covered entities and business associates must take compliance seriously. For entities that are unwilling to do so there are consequences, including civil monetary penalties imposed by OCR and criminal penalties pursued by the Department of Justice.

To secure protected health information, the HIPAA Rules provide specific requirements and detailed guidelines:

  • They establish the safeguards that health care providers and others must implement to protect the privacy of health information;
  • They give patients more control over their health information;
  • They strike a balance where public responsibility supports disclosure of some forms of data, for example to protect public health;
  • They set boundaries on the use and release of health records; and
  • They hold violators accountable, with civil and criminal penalties that can be imposed on those who violate patients’ privacy rights.

This is of great benefit to patients: it means they can make informed choices when seeking care and reimbursement for care, based on how their personal health information may be used.

  • It enables patients to find out how their information may be used, and to learn about certain disclosures of their information that have been made;
  • It generally limits release of information to the minimum necessary for the purpose of the disclosure;
  • It generally gives patients the right to examine and obtain a copy of their own health records and to request corrections; and
  • It empowers individuals to control certain uses and disclosures of their health information.

To accomplish this, it is helpful for an organization to follow the Seven Steps of an Effective Compliance Plan, which we modified for compliance with the HIPAA Rules. An organization must complete the following steps to comply with the HIPAA Rules.

1. Implement written policies, procedures, and standards of conduct;

2. Designate a privacy officer and a security officer (both roles may be held by the same person);

3. Conduct effective training and education;

4. Develop effective lines of communication;

5. Conduct internal monitoring and auditing;

6. Enforce standards of conduct through well-publicized disciplinary guidelines; and

7. Respond promptly to detected offenses and undertake corrective action.

Health plans, health care providers and other covered entities subject to the HIPAA Rules, together with their business associates, must establish a compliance plan that includes these steps.

In conclusion, a HIPAA compliance plan is essential for all covered entities and business associates that handle protected health information. To find out more, or to determine whether your organization is HIPAA compliant, contact HIPAA Associates or refer to their Resources page.

Author:

Al Lopez, MD has been the Vice President of Operations for HIPAA Associates for the last ten years. Dr. Lopez is board certified in internal medicine, pulmonary medicine and anesthesia and holds a degree as a medical coding specialist. He has served as a Compliance Director and Privacy Officer for over ten years. In addition, Dr. Lopez is certified in Healthcare Compliance and has held various leadership roles within hospital staff and private practice. His main interest is HIPAA training.
