Originally passed in 1996, HIPAA was intended to increase the efficiency and effectiveness of the health care system. This improvement included Administrative Simplification provisions that required the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions. With the increasing use of technology there would inevitably be erosion in the privacy of health information, and an increase in risk of disclosure of that information. Recognizing this risk, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information. In December of 2000 the HHS published a final regulation in the form of the Privacy Rule, which became effective on April 14, 2001. The Rule set national standards for health plans, health care clearing houses and health care providers in dealing with the protection of health information. In order to comply with the new provisions, entities must implement standards to protect and guard against the misuse of individually identifiable health information. Failure to implement these standards may, under certain circumstances, trigger the imposition of civil or criminal penalties. The final date for compliance was April 14, 2003, and April 14, 2004, for small health organizations. In addition to the Privacy Rule, HIPAA will also require the adoption of standards for the security of electronic protected health information to be implemented by health plans, health care clearinghouses, and certain health care providers. The Security Standard stipulates that the aforementioned entities have to establish Administrative, Technical and Physical safeguards by April 21, 2005, April 21, 2006 for small health organizations. Our extensive experience working in the information security field allows us to assist organizations to comply with HIPAA. |
 |
 |
 |
 |
 |
 |
|
| Home | Contact Us | ERM Newsletter Subscription | ||||||
All Content ©2009 Enterprise Risk Management | ||||||