By: Belkys Ventura
Class: MHA 690 Health Care Capstone
Instructor: Martha Plant
The Health Insurance Portability and Accountability Act of 1996 (HIPAA; 1936, enacted August 21, 1996) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It was sponsored by Sen. Nancy Kassebaum. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The Administrative Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system.
Compliance requirements for the HIPAA privacy act took effect on April 14, 2003. The law applies to covered entities and employees who have access to personal health information. Covered entities include doctors, hospitals, nursing homes and health insurance providers, but other companies with access to protected health information are also bound by the law, and are defined under HIPAA guidelines. Entities must designate a department or individual to oversee policies and procedures, administer training and keep the pertinent documents secure.
Personal health information is defined as anything that can identify a patient, including the patient's name, Social Security number, address and medical record number. Persons with access to this information are bound by the privacy act, and may only release records for administrative or legal proceedings, health oversight or law enforcement use. Employees with questions regarding the release of information must notify human resources or the company's designated HIPAA security or compliance officer.
HIPAA provides guidelines for the protection, handling and access of physical and electronic records of personal health information. It also sets time limits for their retention and destruction. Federal and civil penalties for divulging or mishandling protected information are strict, and employers as well as employees must be aware of the consequences. Companies are required to govern access to personal health information, and to develop their own policies and procedures concerning HIPAA matters. Examples of security standards include keeping records on company premises, encrypting electronic data and using computer screen masks while working with protected information.
Have information available to employees. Develop quarterly training for the staff. Monitor privacy by monitoring log-ins, location and purpose. Organization Data Control.
The organization should invest funding in software and systems security. Update systems periodically. Keep up with technology. Monitor who has access to patients' records. Print log-in reports to control access.
The U.S. Department of Health & Human Services website provides links to approved training programs. Alternatively, businesses may develop training based on published information, adding policies and procedures to reflect individual circumstances. The training program is best administered in multimedia format, and must be presented to all current employees and new hires. Each participant must sign a HIPAA training completion form, which the firm retains in the employee's personnel records.