{"id":1462,"date":"2014-01-22T13:00:38","date_gmt":"2014-01-22T19:00:38","guid":{"rendered":"http:\/\/www.poweradmin.com\/blog\/?p=1462"},"modified":"2015-04-24T16:44:23","modified_gmt":"2015-04-24T21:44:23","slug":"what-is-hipaa-compliance","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/what-is-hipaa-compliance\/","title":{"rendered":"What is HIPAA Compliance?"},"content":{"rendered":"<p>\n\t<a href=\"\/blog\/wp-content\/uploads\/2014\/01\/hipaa-compliant-website.png\" rel=\"\" style=\"\" target=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" alt=\"What is HIPAA Compliance?\" class=\"alignright size-medium wp-image-1464\" height=\"146\" src=\"\/blog\/wp-content\/uploads\/2014\/01\/hipaa-compliant-website-300x146.png\" style=\"\" title=\"What is HIPAA Compliance?\" width=\"300\" srcset=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2014\/01\/hipaa-compliant-website-300x146.png 300w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2014\/01\/hipaa-compliant-website.png 614w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"><\/a><span style=\"font-size:14px;\">HIPAA stands for the Healthcare Insurance Portability and Accountability Act of 1996. This specifies laws for the protection and use of Personal (or Protected) Health Information (PHI) \u2013 essentially, your medical record. HIPAA sets the standard for protecting sensitive patient data. The Administrative Simplification provisions of the Act (HIPAA, Title II) require the <a href=\"http:\/\/www.hhs.gov\/ocr\/privacy\/\" rel=\"nofollow\" target=\"_blank\">U.S. Department of Health and Human Services<img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a> (HHS) to adopt certain national standards. 
These cover electronic health care transactions, and national identifiers for providers, health plans, and employers.<\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:14px;\">Physical, network, and process security measures are involved. The HIPAA Privacy Rule covers the saving, accessing and sharing of medical and personal information for any individual. The HIPAA Security Rule outlines national security standards to protect health data created, received, maintained or transmitted electronically \u2013 also known as electronic protected health information (ePHI).<\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:14px;\">Meeting these standards? That's compliance.<\/span>\n<\/p>\n<h2>\n\t<span style=\"color:#FF8C00;\"><span style=\"font-size: 16px;\"><strong>Is Hi-Tech Involved?<\/strong><\/span><\/span><br>\n<\/h2>\n<p>\n\t<span style=\"font-size:14px;\">Yes; in more than one sense.<\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:14px;\">HIPAA tried to simplify the administration of electronic medical record technology, and other components. In addition, the Act specified a series of privacy tools to protect healthcare data.<\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:14px;\">Then, in 2010, the Health Information Technology for Economic and Clinical Health Act (HITECH) was passed. This Act updated HIPAA rules, and provided federal funds for deploying electronic medical records (EMR) \u2013 also known as electronic health records (EHR). HITECH set out new rules for the protection and availability of medical records, which were now in digital form.<\/span>\n<\/p>\n<h2>\n\t<span style=\"color:#FF8C00;\"><span style=\"font-size: 16px;\"><strong>Who Needs to Comply?<\/strong><\/span><\/span><br>\n<\/h2>\n<p>\n\t<span style=\"font-size:14px;\"><em>YOU <\/em>do, if you're any of these:<\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:14px;\"><strong>#1. <\/strong>Anyone who provides treatment, payment and operations in healthcare. 
Such persons or bodies are described as Covered Entities (CE). This could include:<\/span>\n<\/p>\n<ul>\n<li>\n\t\t<span style=\"font-size:14px;\">a doctor\u2019s office<\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:14px;\">dental office<\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:14px;\">clinic<\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:14px;\">psychologist<\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:14px;\">nursing home<\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:14px;\">pharmacy<\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:14px;\">hospital<\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:14px;\">a home healthcare agency<\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:14px;\">health plans<\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:14px;\"><span style=\"font-size:14px;\">health insurance companies<\/span><\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:14px;\">health clearing houses (An organization that standardizes health information, e.g. a billing company that processes data from its initial format into a standardized billing format)<\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:14px;\">HMOs (Group insurance that entitles members to services of participating hospitals, clinics, and physicians)<\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:14px;\">company health plans and<span style=\"font-size:14px;\"> government programs that pay for health care<\/span><\/span>\n\t<\/li>\n<\/ul>\n<p>\n\t<span style=\"font-size:14px;\"><strong>#2. <\/strong>Anyone with access to patient information \u2013 whether directly, indirectly, physically or virtually. Such bodies are known as Business Associates. An organization providing support in the treatment, payment or operations is considered a business associate (e.g. 
an IT company or a billing and claims processing company).<\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:14px;\">Other examples would include a document destruction company, a telephone service provider, accountant or lawyer. A business associate performs some type of service on a covered entity\u2019s behalf. It does not form part of their workforce, and must maintain HIPAA compliance, in its own right.<\/span>\n<\/p>\n<h2>\n\t<span style=\"color:#FF8C00;\"><span style=\"font-size: 16px;\"><strong>Comply, How?<\/strong><\/span><\/span><br>\n<\/h2>\n<p>\n\t<a href=\"\/blog\/wp-content\/uploads\/2014\/01\/HIPPO-Compliance.png\" rel=\"\" style=\"\" target=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" alt=\"HIPPO Compliance\" class=\"size-medium wp-image-1470 alignright\" height=\"253\" src=\"\/blog\/wp-content\/uploads\/2014\/01\/HIPPO-Compliance-223x300.png\" style=\"margin-left: 15px;\" title=\"HIPPO Compliance\" width=\"180\"><\/a><span style=\"font-size:14px;\">By passing a HIPAA audit. (Note: following instructions in the image at the right will NOT make you compliant.)<\/span>\n<\/p>\n<p>\n\t\u00a0<span style=\"font-size:14px;\">The audit is an analysis that helps establish an organization\u2019s current state, and what steps need taking, to get the organization compliant. As part of the audit, a company must perform an evaluation, and undergo periodic evaluations once a year at minimum. As technology changes, different components are added to an organization\u2019s infrastructure.<\/span>\n<\/p>\n<p>\n\tThese also need to be evaluated. 
Covered entities and third-party business associates are required to undergo these periodic HIPAA audits.\n<\/p>\n<p>\n\tBetween a covered entity and its related associates, a <a href=\"http:\/\/searchhealthit.techtarget.com\/definition\/HIPAA-business-associate-agreement-BAA\" rel=\"nofollow\" target=\"_blank\">Business Associates Agreement<img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a> should be in place. This is a standard document that clearly defines their respective roles and responsibilities. An integral part of the Business Associates Agreement should be the assurance that businesses will take proper steps to implement the appropriate administrative, physical and technical safeguards.\n<\/p>\n<h2>\n\t<span style=\"color:#FF8C00;\"><span style=\"font-size: 16px;\"><strong>And, if You Don't Comply?<\/strong><\/span><\/span><br>\n<\/h2>\n<p>\n\t<a href=\"\/blog\/wp-content\/uploads\/2014\/01\/Penalties-for-Non-Compliance.jpg\" rel=\"\" style=\"\" target=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" alt=\"Penalties for Non-Compliance\" class=\"size-medium wp-image-1476 alignleft\" height=\"176\" src=\"\/blog\/wp-content\/uploads\/2014\/01\/Penalties-for-Non-Compliance-300x225.jpg\" style=\"margin-right: 20px;\" title=\"Penalties for Non-Compliance\" width=\"235\" srcset=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2014\/01\/Penalties-for-Non-Compliance-300x225.jpg 300w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2014\/01\/Penalties-for-Non-Compliance.jpg 1024w\" sizes=\"auto, (max-width: 235px) 100vw, 235px\"><\/a><span style=\"font-size:14px;\">There are penalties, for non-compliance. Some pretty stiff ones, actually. 
The HIPAA and HITECH Acts are administered by the Department of Health and Human Services (HHS) in the <a href=\"http:\/\/www.hhs.gov\/ocr\/office\/\" rel=\"nofollow\" target=\"_blank\">Office for Civil Rights<\/a> (OCR). The OCR has the right to enforce, audit, fine and charge companies and individuals for violations of the Act. It interprets the law, and writes the rules and regulations.<\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:14px;\">Penalties are incurred if PHI (or ePHI, Electronic Personal Health Information) covering more than 500 records is released to the public in unencrypted form. As a simple example, this could involve an employee leaving unencrypted backup tapes containing PHI in their vehicle while parked off-premises, or disclosing personally identifiable sensitive information on social media networks.<\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:14px;\">Fines for violating HIPAA rules range from $100 to $50,000 per violation (or per record), up to a maximum of $1,500,000 per year.<\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:14px;\">In extreme cases, violations can carry criminal charges, which could result in a prison sentence.<\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:14px;\"><strong>Ouch.<\/strong><\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:14px;\">Indeed.<\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:14px;\">So, it's in your best interest to ensure compliance.<\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:14px;\">In addition:<\/span>\n<\/p>\n<ul>\n<li>\n\t\t<span style=\"font-size:14px;\">Protect the availability, integrity and confidentiality of Personal Health Information (PHI)<\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:14px;\">Have Business Associates Agreements with clients who have PHI<\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:14px;\">Report 
any misuse of PHI to the OCR<\/span>\n\t<\/li>\n<\/ul>\n<h2>\n\t<span style=\"color:#FF8C00;\"><span style=\"font-size: 16px;\"><strong>Compliance is Vital to an Organization\u2019s Survival<\/strong><\/span><\/span><br>\n<\/h2>\n<p>\n\t<span style=\"font-size:14px;\">Many companies have, in the past, found themselves totally unprepared when it comes to audit time. This is no longer acceptable as security becomes a bigger focus year on year, with high-profile incidents of data theft and leaks being reported on a regular basis.<\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:14px;\">IT infrastructure is increasingly being hosted in the data center too, and this causes <a href=\"http:\/\/www.informationweek.com\/security\/compliance\/hipaa-sox-and-pci-the-coming-compliance-crisis-in-it-security\/d\/d-id\/1113516\" rel=\"nofollow\" target=\"_blank\">headaches for auditing and compliance<\/a> for some organizations. 
This means it\u2019s wise to choose vendors carefully and to question the SLA and what it covers, the auditing processes, access, and the data center security.<\/span>\n<\/p>\n<p>\n\t\u00a0\n<\/p>\n<p>\n\t<a href=\"\/file-sight\/\" rel=\"\" style=\"\" target=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" alt=\"PA File Sight - Power Admin\" class=\"alignleft size-full wp-image-1494\" height=\"57\" src=\"\/blog\/wp-content\/uploads\/2014\/01\/pa_file_sight_prw.png\" style=\"margin-right: 20px;\" title=\"PA File Sight - Power Admin\" width=\"171\" srcset=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2014\/01\/pa_file_sight_prw.png 872w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2014\/01\/pa_file_sight_prw-300x101.png 300w\" sizes=\"auto, (max-width: 171px) 100vw, 171px\"><\/a>Power Admin's <a href=\"\/file-sight\">PA File Sight<\/a> can help with HIPAA compliance. For more details, visit our press release at <a href=\"http:\/\/www.prweb.com\/releases\/hipaa-compliance\/pa-filesight\/prweb10883246.htm\" rel=\"nofollow\" target=\"_blank\">http:\/\/www.prweb.com\/releases\/hipaa-compliance\/pa-filesight\/prweb10883246.htm<img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a>\n<\/p>\n<p>\n\t\u00a0\n<\/p>\n<p>\n\t<span style=\"font-size:10px;\"><em><span style=\"color:#808080;\">Photo Credits:<\/span><br>\n\t<a href=\"http:\/\/www.flickr.com\/photos\/38016572@N05\/5247943236\/\" rel=\"nofollow\" target=\"_blank\"><span style=\"color:#808080;\">corbettgm<\/span><img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a><span style=\"color:#808080;\"> via <\/span><a href=\"http:\/\/compfight.com\" rel=\"nofollow\" target=\"_blank\"><span style=\"color:#808080;\">Compfight<\/span><img class=\"extlink-icon\" 
src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a><span style=\"color:#808080;\"> <\/span><a href=\"http:\/\/www.flickr.com\/help\/general\/#147\" rel=\"nofollow\"><span style=\"color:#808080;\">cc<\/span><\/a><span style=\"color:#808080;\"> <\/span><br>\n\t<a href=\"http:\/\/www.flickr.com\/photos\/8601478@N02\/7761004444\/\" rel=\"nofollow\" target=\"_blank\"><span style=\"color:#808080;\">hyimted<\/span><img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a><span style=\"color:#808080;\"> via <\/span><a href=\"http:\/\/compfight.com\" rel=\"nofollow\" target=\"_blank\"><span style=\"color:#808080;\">Compfight<\/span><img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a><span style=\"color:#808080;\"> <\/span><a href=\"http:\/\/www.flickr.com\/help\/general\/#147\" rel=\"nofollow\"><span style=\"color:#808080;\">cc<\/span><\/a><\/em><\/span>\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>HIPAA stands for the Healthcare Insurance Portability and Accountability Act of 1996. This specifies laws for the protection and use of Personal (or Protected) Health Information (PHI) \u2013 essentially, your medical record. HIPAA sets the standard for protecting sensitive patient data. The Administrative Simplification provisions of the Act (HIPAA, Title II) require the U.S. 
Department [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1482,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,13,10,9,8],"tags":[],"class_list":["post-1462","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-it","category-pc-security","category-power-admin","category-technical","category-windows"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/1462","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/comments?post=1462"}],"version-history":[{"count":5,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/1462\/revisions"}],"predecessor-version":[{"id":3538,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/1462\/revisions\/3538"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media\/1482"}],"wp:attachment":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media?parent=1462"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/categories?post=1462"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/tags?post=1462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}