HIPAA Statement

Healthcare Data Solutions has been prepared for HIPAA for several years, well ahead of compliance deadlines. We have fully embraced the new standards that will bring great efficiency to the healthcare industry.

Security and privacy have always been top concerns for our organization, and we continually take steps to ensure our software, networks and policies coincide with the requirements of HIPAA.

In addition, the regulation mandates national standards for EDI transactions such as ANSI X12 and standardized code sets such as procedures (CPT-4) and diagnosis (ICD-9-CM). Our products support the required ANSI transactions and code sets. With our extensive commitment to research and development, we will continually update our systems to support the required formats and new code sets as they evolve.

HIPAA Information

The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996 with the goals of health insurance reform and administrative simplification. To accomplish these goals, standards for transmitting health insurance information electronically were established along with requirements for maintaining privacy and security of patients' Protected Health Information (PHI).

For details about the law, visit the following government web site links:

Centers for Medicare & Medicaid Services (CMS) HIPAA information page
Department of Health & Human Services (HHS)/Office for Civil Rights (OCR)

The software that your organization uses cannot alone make you HIPAA compliant. Being "HIPAA compliant" refers to meeting all the requirements of HIPAA. Using HIPAA approved electronic transaction formats and code sets is a portion of being compliant, but there are many other requirements related to patient privacy and security procedures. You should seek the advice of a qualified consultant and/or refer to the information provided by CMS and HHS to determine all the steps you need to take to become and remain compliant.

HIPAA Transactions Sets

In response to the HIPAA requirements, Healthcare Data Solutions has created compliant software products. These products offered by Healthcare Data Solutions are capable of creating and conducting Electronic Data Interchange (EDI) transactions in the ANSI X12 formats as required by HIPAA. To achieve compliance, you must be sure to use the approved code sets.

Additional information about the transactions and code sets can be found using the following links:

CHS/HHS Administrative Simplification - Transactions and Code Sets
Washington Publishing Company - HIPAA implementation guides

HIPAA Privacy Rule

This portion of the law deals with protecting the privacy of patients' Protected Health Information (PHI). The deadline for following these requirements began on April 14, 2003 (or April 14, 2004 for small health plans), but, unlike the situation with transactions and code sets, there have been no contingency exceptions regarding adhering to the requirements of the Privacy Rule. The Privacy Rule mandates that a HIPAA covered entity must have appropriate policies and procedures for limiting access to information that is considered PHI and for when and how PHI can be shared with other parties.

HIPAA ready software can assist in following the Privacy Rule with features like password protected login and encrypted transmission of EDI data. However, the bulk of the steps your organization needs to take involve written policies, employee training and other administrative changes.

Healthcare Data Solutions recommends that you seek the advice of a qualified consultant to determine the policies and procedures you need to become and remain compliant as required by the Privacy Rule.

HIPAA Security

Related to privacy, the Security Rule deals with the requirements for health information stored electronically and the steps a covered entity needs to take to keep patients' PHI secure. The Security Rule compliance deadline is April 20, 2005 (or April 20, 2006 for small health plans). This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications.

HIPAA ready software can assist in following the Security Rule with features like password protected login and encrypted transmission of EDI data. However, most of the steps your organization needs to take involve securing your facilities and electronic equipment as well as written policies, employee training and other administrative changes.

Following the Security Rule involves consideration of the specifics of your physical location, computer network, handheld devices, wireless devices, Internet connections and all places where the security of PHI must be protected. In addition to policies, training and administrative changes, your compliance will involve security practices considered appropriate to protect PHI such as data firewalls, data encryption, network password policies, and the security of your facility.

The standard does not address the extent to which a particular entity should implement the specific features. Instead, the rule requires that each affected entity assess its own security risks to devise, implement and maintain appropriate security that addresses its business requirements. How individual security requirements are satisfied is a business decision that each organization will have to make. Because security is intertwined with privacy, covered entities must implement security procedures before the deadline.

The scope of requirements for the Security Rule is complex, ranging from data networks and equipment to securing your physical locations. Healthcare Data Solutions recommends that you seek the advice of a qualified consultant to determine all the steps you will need to become and remain compliant as required by the Security Rule.