HIPAA was established to protect patient health information and set rules for who can access this information and how it can be used. Organizations that deal with protected health information, such as health insurers, providers, and clearinghouses, must comply with HIPAA regulations. These organizations can use document management systems to help ensure compliance by managing records, limiting access to authorized users, and monitoring user activity. Failing to properly protect patient information can result in costly fines.
HIPAA Compliance Tools for Healthcare
Overview of HIPAA & Tools for HIPAA Compliance
Healthcare providers and affiliated organizations have a great deal of responsibility in terms of
protecting patient health information. Organizations that are required to follow HIPAA’s privacy
and security rules are referred to as “covered entities.” A covered entity that fails to properly
safeguard protected health information (PHI) can face penalties of up to $50,000 per violation, in
addition to irreparably damaging its reputation.
We’ll outline what HIPAA is, why it was established and how covered entities can ensure their
compliance with HIPAA regulations.
A Brief Overview of HIPAA
The Health Insurance Portability and Accountability Act of 1996 is a U.S. federal statute that
was established to protect patient health information, and help American workers transfer and
continue their health insurance coverage when they change or lose their jobs, among other
protections.
HIPAA’s Privacy and Security Rules
HIPAA is divided into several titles, which include the Privacy Rule and the Security
Rule. The Privacy Rule outlines who can see patient health records, and applies to protected
health information in written, electronic, and oral form. The Security Rule protects electronic
health information that is created, used, maintained, transmitted, and received by covered
entities.
Who Is Required to Follow HIPAA Laws
The following organizations are considered covered entities and must comply with HIPAA
regulations:
● Health Plan Suppliers—This includes health insurance companies, corporate health
plans, HMOs, and government healthcare programs, including Medicare and Medicaid.
● Certain Health Care Providers—Including doctors, medical clinics, hospitals,
psychologists, nursing homes, pharmacies, dentists, and other healthcare providers.
● Health Care Clearinghouses—Entities that transmit information (most often claims and
billing information) to one or more other entities in the health care system.
● Business Associates—Companies that act as contractors and subcontractors of a covered
entity and have access to protected health information while conducting business.
● Health Information Organizations—Entities that transmit protected health information
on behalf of a covered entity or its business associate, and thus require regular access to
PHI.
Employers, life insurers, workers’ compensation carriers, and most law enforcement agencies,
schools and school districts, and state agencies (such as child protective services) are not
required to comply with HIPAA.
What Information Is Protected Under HIPAA
Conversations between patients and their doctors, nurses, and other healthcare providers, and
conversations between medical professionals that are entered into a patient’s medical record are
protected. Information maintained in a health insurer’s computer system, and billing information
maintained at healthcare facilities also must be protected.
How Organizations Can Protect Patient Information
All of the aforementioned entities are required to safeguard patients’ sensitive information and
limit the use of patient information to only what is necessary.
Today, healthcare providers are increasingly using electronic health records (EHR) systems to
store and transmit patient health information. This information can be transmitted with ease via
health information exchanges (HIE), reinforcing the need for security.
A document management system, like Square 9’s SmartSearch, can be an invaluable tool for
organizations that deal with protected medical information, whether from a physician’s office,
insurance agency, healthcare clearinghouse, or third-party entity. These systems help manage
patient records and information, enable organizations to limit PHI access to authorized personnel
only, and monitor and track user activity. A document management system can mean the
difference between being HIPAA compliant and going through a costly data breach.
Look for a system that has a customizable, cloud-enabled interface that features access control,
user-based permissions, password protection, data encryption, audit features, and automated
record retention.
Summary
HIPAA was established to help protect patient health information, and it outlines who can see
this information and how it can be used. Organizations that deal with protected health
information must comply with HIPAA regulations or face costly fines.
Company Bio
Square 9 is a trend-setting software development firm that has created highly intuitive,
customizable document management software that can be easily adapted to automate any
paper-intensive process. The company’s commitment to proven practices and cutting-edge technologies
has led to the development of a library of innovative tools for business automation, including
cloud-enabled content management solutions. Learn more about the company’s products at
square-9.com.