Health Insurance Portability and Accountability Act (HIPAA)
Title I of HIPAA
– Protects health insurance coverage for workers and their families when they change or lose their jobs.
– Limits the restrictions that a group health plan can place on benefits for preexisting conditions.
Title II of HIPAA
– Known as the Administrative Simplification (AS) provisions.
– Requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
– Helps people keep their health information private.
Title II of HIPAA – cont’d
– The HIPAA Privacy Rule regulates the use and disclosure of certain information.
– The Transactions and Code Sets Rule: after 2005, most medical providers that file electronically must file their electronic claims using the HIPAA standards in order to be paid.
– Security Standards, in three categories:
  – Administrative,
  – Physical, and
  – Technical.
Administrative Safeguards
– Written privacy procedures.
– Designate a privacy officer responsible for developing and implementing all required policies and procedures.
– Management oversight and organizational buy-in to compliance with the documented security controls.
– Clearly identify the employees or classes of employees who will have access to electronic protected health information (EPHI). Access to EPHI must be restricted to only those employees who need it to complete their job function.
– Address access authorization, establishment, modification, and termination.
– An appropriate ongoing training program.
– When outsourcing business processes to a third party, ensure the vendors also comply with HIPAA requirements.
– A contingency plan for responding to emergencies.
– Internal audits.
Physical Safeguards
– Control the introduction and removal of hardware and software from the network. (When equipment is retired, it must be disposed of properly to ensure that PHI is not compromised.)
– Access to equipment containing health information should be carefully controlled and monitored.
– Access to hardware and software must be limited to properly authorized individuals.
– Required access controls consist of facility security plans, maintenance records, and visitor sign-in and escorts.
– Policies are required to address proper workstation use. Workstations should be removed from high-traffic areas, and monitor screens should not be in direct view of the public.
– If the covered entities use contractors or agents, they too must be fully trained on their physical access responsibilities.
Technical Safeguards
– Protect communications containing PHI transmitted electronically over open networks from being intercepted by anyone other than the intended recipient. When information flows over open networks, encryption must be used.
– Ensure data integrity: ensure no unauthorized change or deletion.
– Authenticate the entities the system communicates with.
The Unique Identifiers Rule (National Provider Identifier)
– Providers completing electronic transactions, healthcare clearinghouses, and large health plans must use only the National Provider Identifier (NPI) to identify covered healthcare providers in standard transactions.
– The NPI is a 10-digit identification number issued to health care providers.