3. The Health Insurance Portability and Accountability Act of 1996
(HIPAA; 110 Stat. 1936, enacted August 21, 1996) was enacted by the
United States Congress and signed by President Bill Clinton
in 1996. It was sponsored by Sen. Nancy Kassebaum. Title I of
HIPAA protects health insurance coverage for workers and their
families when they change or lose their jobs. Title II of HIPAA,
known as the Administrative Simplification (AS) provisions,
requires the establishment of national standards for electronic
health care transactions and national identifiers for providers,
health insurance plans, and employers.
The Administrative Simplification provisions also address the
security and privacy of health data. The standards are meant to
improve the efficiency and effectiveness of the nation's health
care system by encouraging the widespread use of electronic
data interchange in the U.S. health care system.
4. Compliance requirements for the HIPAA privacy
rule took effect on April 14, 2003. The law applies to
covered entities and employees having access to
personal health information. Covered entities
include doctors, hospitals, nursing homes and
health insurance providers, but other companies
with access to protected health information are
also bound by the law, and are defined under HIPAA
guidelines. Entities must designate a department
or individual to oversee policies and procedures,
administer training and keep the pertaining
documents secure.
5. Personal health information is defined as
anything that can identify a patient, including
the patient's name, Social Security number,
address and medical record number. Persons
with access to this information are bound by
the privacy rule, and may only release records
for administrative or legal proceedings, health
oversight or law enforcement use. Employees
with questions regarding the release of
information must notify human resources or
the company's designated HIPAA security or
compliance officer.
6. HIPAA provides guidelines for the protection,
handling and access of physical and electronic records
of personal health information. It also sets time limits
for their retention and destruction. Federal and civil
penalties for divulging or mishandling protected
information are strict, and employers as well as
employees must be aware of the consequences.
Companies are required to govern access to personal
health information, and to develop their own policies and
procedures concerning HIPAA matters. Examples of
security standards include keeping records on
company premises, encrypting electronic data and
using computer screen masks (privacy filters) while
working with protected information.
7. Make the information available to employees.
Develop quarterly training for the staff.
Monitor privacy by logging each login, its location and its purpose.
Organization Data Control.
8. The organization should invest in software
and systems security.
Update systems periodically.
Keep up with technology.
Monitor who has access to patient records.
Print login reports to control access.
9. The U.S. Department of Health & Human Services
website provides links to approved training
programs. Alternatively, businesses may develop
training based on published information, adding
further policies and procedures to reflect
individual circumstances. The training program is
best administered in multimedia format, and
must be presented to all current employees and
new hires. Each participant must sign a HIPAA
training completion form, which the firm retains
in the employee's personnel records.