Health Insurance Portability and
Accountability Act (HIPAA) and
the Health Information
Technology for Economic and
Clinical Health Act (HITECH)
Some of the salient aspects of the final rules
• Business associates (BAs)(along with their subcontractors)
such as clearing houses, insurance, outsourced coding and
billing agencies are also liable.
• Non-compliance invites increased monetary penalties.
• Privacy and security of PHI (personal or protected health
information) whether in electronic or paper form, has been
boosted up, along with disclosure limitations.
Golden Initiatives to Comply with HIPAA
and avoid penalties
• To ensure adherence with HIPAA rules,
healthcare providers need to undertake
Restrict Access to Patient Data
• Document and implement policies and procedures to
safeguard PHI, restrict access to patient data, stipulate
authorizations for disclosure of patient data, ensure secure
storage and transmission of data, promptly report
breaches of patient information, and ensure timely action
to correct security violations and act on complaints
regarding information leakage.
• Report violations of PHI misuse to OCR through Federal
Department of Health and Human Services (HHS).
Annual Security Training of the Clinic
• Continual on-going training of staff on HIPAA, so that
they comply with the procedures. Incorporate this training
as part of annual security training of the clinic/hospital.
Provide Information to Patients
• Provide information to patients through hospital websites
or directly on patients’ right to health information, and
how they can be used and disclosed.
Ensure Privacy Policies are Followed
• Designate a responsible, senior physician as security officer to
Integrity of Information
• Accuracy-the medical record must be accurate.
• Availability-the record must be essentially available
• Confidentiality-referred/seen only on need-to-know basis.
Monitor liability and compliance
• Monitor liability and compliance of BAs (bill processing
company, insurance companies, cloud service provider,
etc) who access patient information and medical record
(diagnosis code, charge, etc).
• Usage of online tool kit that helps compliance to the
HIPAA Security Rule.
• Verify and monitor whether healthcare vendors and their
sub vendors (sub-contractors) implement and comply
with business associate agreements (BAA), as required
by HIPAA Omnibus Rule.
Mobile Devices by Physicians
• overlooking use of mobile devices by physicians. This
needs periodical technical review/risk audit of mobile
devices used by physicians for transmitting patient-
related information. The security officer will stipulate
how and when the mobile devices device will be used and
For more details visit our site
www.medicaltranscriptionsservice.com or call