HIPAA and HITECH Compliance

Q: What is HIPAA?

A: A federal law signed in August 1996, the Health Insurance Portability and Accountability Act (HIPAA) calls for changes in health insurance, and in many health care transactions and administrative information systems and practices.

More specifically, one section of the law deals with three main issues: (1) federal standards for electronic data interchange among health care providers and health plans; (2) federal privacy standards protecting the confidentiality and integrity of patient health information; and (3) federal security standards for protecting access to electronic and other health information.

Although some of our practices did change as a result of HIPAA, in many cases these regulations contained provisions that were already required by state law or were already a part of our professional practice.

Q: What is HITECH?

A: The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.

Q: Who is required to comply with these regulations?

A: Three types of organizations are covered by HIPAA: (1) providers – doctors, hospitals and others – who carry out certain business activities electronically, (2) health plans and (3) “clearing houses,” or go-between organizations that help providers and health plans do business electronically.

As health care providers, we know that our patients and communities expect us to maintain the privacy of health information. To that end, we have taken steps to comply with HIPAA as an extension of our mission and commitment to quality care.

Q: When did HIPAA go into effect?

A: HIPAA regulations were organized into three sections, each with a different effective date. The first deadline, which had to do with electronic data interchange (bills, payments, etc.), was October 16, 2002. The privacy deadline was April 14, 2003, and the security deadline was October 31, 2003.

Q: How does HIPAA affect my health care, if at all?

A: The goal of HIPAA regulations was to maintain or improve the current level of health care quality. HIPAA has enhanced the doctor-patient relationship by allowing for more open communication and thus more effective treatment.

Q: What is Preferred IPA currently doing to protect the privacy of my personal medical records?

A: As part of our existing practices, great care is taken in the handling of patient health information. State laws currently in effect, professional ethics as well as general business ethics shape our treatment of this information.

Q: How does HIPAA change the practices of Preferred IPA?

A: HIPAA creates a minimum privacy requirement for all 50 states. Some states, however, will retain pre-existing privacy laws if they are stricter than the HIPAA regulations.

While our existing policies and procedures already do much to safeguard your medical records, HIPAA has helped the entire health care industry standardize and continue to enhance privacy and security practices.

Important Links:

Update to the HIPAA rule from HHS.gov
More on HITECH from HHS.gov
Privacy & Security Training Games from HealthIT.gov

For more information, please visit HIPAA Online