By Jack Anderson
April 30, 2014
What is the Health Insurance Portability and Accountability Act and why is it even more important today than it was in 1996 when it was passed by Congress? There were two parts; Portability and Accountabilit. Portability was meant to insure that people could keep their health insurance when they changed jobs which worked. The second part, Accountability, was designed to ensure the security and confidentiality of patient information/data. In addition, it mandated uniform standards for electronic data transmission of administrative and financial data relating to patient health information.
It has been through several iterations and updates culminating in the HIPAA Omnibus Rule which became effective March 23, 2013 with a 180 day window for implementation. The final deadline for compliance was September 26, 2013. Basically this was the final definition of the rules specifed by the HITECH Act which was passed by Congress in February of 2009 and technically became effective in February of 2010. However HHS announced in February of 2010 that they were “delaying enforcement until the rules were estabished” So after an overly long gestation period, real, enforced, tough regulation is here.
To paraphrase the old Saturday NIght Live question “What does this mean to me, Al Franken”, what does this mean to me if I am a business associate? It means the day of reckoning, long threatened, has arrived. Health and Human Services (HHS), their enforcement arm, The Office of Civil Rights (OCR), companies they hire to do audits, such as Figliozzi and Company, your State Attorney General, patients, whistleblowers, and most importantly your business partners and clients demand that you be HIPAA (not Hippa) compliant, now, and be able to prove it.
How can you prove it since HHS does not have a HIPAA certification process for business associates? Documentation of your compliance activities that meet the standards for HIPAA is the answer. Step one is appointing a privacy and security officer who accepts responsibility for your HIPAA compliance program. Step two is estabilishing written policies, procedures, and forms that meet the standards are customized to your business model, and are the business rules by which you run your company. Step three is to have in place an on-going risk management program that includes periodic risk assessments, remediation of risks, and documentation of your compliance activities.
A compliance manual sitting on the shelf is not the answer. HHS states over and over again that HIPAA compliance is a process not an event. You need to be actively working on HIPAA compliance every month and documenting your activities. HHS believes and your business partners concur that if you didn’t document it you didn’t do it.
If you want to see how this all works go to www.compliancehelper.com and in the box that says see how it works click on either the Small Business Associate, generally those with 5 employees or fewer, or the Medium Business associate button. If you want to check your own level of HIPAA compliance the click on the button that says Download Checklist.
The click on Sign Up Now and get started.