If an organization is subject to the Health Insurance Portability and Accountability Act (HIPAA), its employees must understand what the HIPAA compliance requirements for the privacy and security of Protected Health Information (PHI) are. HIPAA is a federal law, established in 1996, that governs the use and disclosure of PHI. HIPAA compliance is enforced by the Office for Civil Rights (OCR) and is regulated by the U.S. Department of Health and Human Services (HHS).
Understanding HIPAA compliance requirements is essential. Failure to comply with HIPAA rules and regulations can result in considerable fines even if no PHI breach takes place, while a PHI breach can lead to civil lawsuits and criminal charges. Organizations must also follow procedures for reporting breaches of the HIPAA Privacy and Security Rules and for notifying affected patients, as required by the HIPAA Breach Notification Rule.
But what is HIPAA compliance? It involves fulfilling the requirements of the Health Insurance Portability and Accountability Act of 1996, its subsequent amendments, and any related legislation, such as HITECH, in order to protect the privacy, security, and integrity of PHI.
HIPAA Compliance Requirements – Who Must Comply?
Covered entities and business associates, as applicable, must comply with HIPAA Rules. If an entity does not meet the definition of a covered entity or a business associate, HIPAA Rules do not apply.
By definition, any organization that collects, creates, or transmits PHI is known as a covered entity. Healthcare organizations that are considered covered entities include:
- Covered healthcare providers such as chiropractors, clinics, dentists, doctors, nursing homes, pharmacies, and psychologists.
- Health plans such as health insurance companies, health maintenance organizations (HMOs), company health plans, and government programs that pay for healthcare (e.g., Medicare and Medicaid).
- Health care clearinghouses such as billing services, repricing companies, community health management information systems, and value-added networks.
By definition, business associates are organizations or people that encounter PHI in any way in the course of work they have been contracted to carry out on behalf of a covered entity. Examples include:
- Data analysis
- Legal services
- Financial services
- Utilization review
- Management administration
What are the HIPAA Rules?
Before going into detail about HIPAA compliance requirements, let’s review the HIPAA Rules. Employees must understand the rules before an organization can implement the compliance requirements effectively.
HIPAA Privacy Rule
The HIPAA Privacy Rule applies only to covered entities, such as health providers who conduct certain healthcare transactions electronically. It sets the national standard for controlling access to PHI, including how PHI may be used and disclosed. The Privacy Rule also gives patients the right to request and access their medical information.
Read the full blog - HIPAA Compliance Requirements - Everything You Need To Know
Published by Riyan N. Alam