HIPAA Security and Privacy Compliance Software, Risk Analysis, HIPAA consultants and consulting, HIPAA Training, HIPAA Law and Laws, HIPAA Resources and FAQ

About HipaaManager

Home
Endorsed By
Testimonials
News
Become a Partner
Careers
Contact Us

HIPAA Software

HIPAA Compliance

HCAT™ Software
RCAT™ Software
Demo Videos
HIPAA Privacy Tool
Specials
Buy Now

HIPAA Services

HIPAA Risk Analysis
HIPAA Training
HIPAA Consulting

HIPAA Information

What is HIPAA
HIPAA Laws
HIPAA Resources
Security FAQ
Privacy FAQ

HIPAA Laws

HIPAA Privacy

The Privacy compliance date of April 14, 2003 has come and gone, but how many covered entities are totally compliant? The HIPAA Privacy rule establishes standards to protect the confidentiality of individually identifiable health information maintained or transmitted electronically in connection with certain administrative & financial transactions. The rule provides new rights for individuals with respect to protected health information about them & mandates the obligations of health care providers, health plans, & health care clearinghouses. Know the Rules! Make sure you understand what level of compliance is necessary for your organization. The Office for Civil Rights (OCR), a department within HHS has been designated as the overseer for compliance with the Privacy Rules.

HIPAA Security

The final security rule adopts standards for the security of electronic protected health information that is collected, maintained, used,or transmitted electronically. These standards require measures to be taken to secure this information while in the custody of entities covered by HIPAA (covered entities) as well as in transit between covered entities and from covered entities to others. The Electronic Signature section of the proposed rule will be published in its final state at a later date and is excluded from the final security rules. The final security rules will reside in subchapter C of title 45, consisting of parts 160, 162, and 164. Subpart A of part 160 contains the general provisions applicable to all the Administrative Simplification rules. Part 162 contains the Electronic Transaction and Code Sets and will contain the identifier standards. Part 164 contains the standards relating to Privacy and Security. The Center for Medicare and Medicaid Services (CMS) has been designated as the responsible agency for overseeing compliance and complaints related to the security final rules. The Compliance Date for Security is April 21, 2005 (small health plans April 21, 2006).

Section 164.306, the statement of the general Rule, requires covered entities to:

Ensure the confidentiality, integrity, and availability of all electronic protected health information (EPHI) the covered entity creates, receives, maintains, or transmits;
Protect against any reasonably anticipated threats or hazards to the security or integrity of such information;
Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required by the Privacy Rule; and
Ensure compliance by its workforce.

The HIPAA Security Rule is comprehensive (19 standards, 42 specifications etc.), the documentation requirement is daunting, no specific guidance is provided to address requirements, there are limited resources, and security expertise is limited and expensive for many small to medium sized providers.

HIPAA Electronic Transactions and Code Sets

HIPAA requirements for Electronic Transactions & Code Sets (TCS) final modifications to meet the extended deadline of October 16,2003, have been published and incorporated into the standards. HHS has designated CMS (Centers for Medicare & Medicaid Services) as the overseer for compliance. HIPAA implementation specifications can be downloaded free of charge from the Washington Publishing Company (http://www.wpc-edi.com/Default_40.asp). Publications for Code Sets are in paper & electronic form & can be purchased from vendors such as the AMA, CMS and HHS.

HIPAA National Identifiers

The National Provider Identifier (NPI) will be published in July 2003, according to the May 27, 2003 agenda become final in 2002. The NPI is proposed as an 8 position announcement in the Federal Register. No hint as yet as to the content or enumeration process.

The National Employer Identifier final rule was published on May 31, 2002. DHHS adopted the IRS's Federal Tax Identification Number retaining the hyphen after the first two numbers.

HIPPA HIPAA Manager