What is HIPAA Compliance?
HIPAA (Health Insurance Portability and Accountability Act) requires any entity, whether it is a Covered Entity or a Business Associate, to protect the private information of patients. HIPAA encompasses many rules:
The Privacy Rule has been around since 2003. The Privacy Rule has evolved over the years and while most Covered Entities think they have addressed all the Privacy requirements, most have not and don’t know it until they are audited.
The Security Rule was created to address electronic patient data. In 2005, very few Covered Entities were using electronic data, so the Security Rule was largely ignored.
The HITECH Act was introduced in 2009, and incentives were offered to adopt Electronic Health Records through the American Recovery and Reinvestment Act (ARRA). With the CMS incentives, Covered Entities are required under Meaningful Use to “Protect Electronic Health Information”. It may only be a Yes or No question, but it is SO much more than that: it was a re-introduction of the Security Rule. This is also known as the “Interim Final Rule”.
The Omnibus Rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented. The Omnibus Rule is known as the “Final Rule”. This rule has been a game changer, since the Office for Civil Rights (OCR) can hold Business Associates and Subcontractors of Business Associates liable for data breaches. This means that anyone who has contact with Protected Health Information (PHI or ePHI) can be fined and penalized. It also gave patients more rights over their information. It streamlined the ability for patients to authorize the use of their health information for research purposes and made it easier for parents and others to give permission to share proof of a child’s immunization with a school. This rule is based on statutory changes under the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, and on the Genetic Information Nondiscrimination Act of 2008 (GINA), which clarifies that genetic information is protected under the HIPAA Privacy Rule and prohibits most health plans from using or disclosing genetic information for underwriting purposes.
In other words… HIPAA is no longer easy to understand or follow without proper Education and Support.