Passed by Congress in 1996, HIPAA, or the Health Insurance Portability and Accountability Act, enforces the privacy of individually identifiable health information. Mandating industry-wide standards for the protection of confidential health information and electronic billing processes, HIPAA requires that organizations follow specific procedures when it comes to dealing with confidential information related to health care. Failure of compliance to HIPAA’s standards can lead to severe consequences.
What Information Is Protected under HIPAA?
Are you aware of what information is protected under HIPAA? While you may know that HIPAA pertains to health information, you may not be quite so sure when it comes to the specifics of these regulations. Luckily, HIPAA has outlined exactly what information is covered under the act.
To start out with, let’s define what individually identifiable health information is.
As recognized by the U.S. Department of Health and Human Services, individually identifiable health information is any information, including demographic data, that relates to the following:
- An individual’s past, present, or future physical or mental health condition
- The provision of health care to an individual
- The past, present, or even future payment for the provision of health care to the individual
HIPAA enforces the protection of this information whether it is in electronic, paper, or verbal form. In order to maintain this heightened level of security, HIPAA also requires specific safeguards in place as well that your organization is responsible to uphold.
What Safeguards Are Required by HIPAA?
Are you aware of the HIPAA requirements your organization needs to follow? In accordance with HIPAA, all organizations, regardless of size, must adhere to the safeguards outlined below. Failure to show HIPAA compliance can result in the enforcement of hefty penalties, ranging from mild to severe, depending upon the case.
Administrative
Workforce Education and Management
It is vital that all members of your organization, including employees, trainees, volunteers—paid and unpaid—are educated on the policies of the Privacy Rule. Your organization must also provide specific sanctions and standards regarding the violation of the Privacy Rule. It is up to your organization to ensure full compliance and education.
Information Access Management
The access to private health information must be limited in accordance with HIPAA. Your organization is required to establish policies and procedures regarding role-based access. In addition, HIPAA also requires that your organization maintains the disclosure of this private health information to authorized personnel only.
Security Management
Did you know that HIPAA requires that your organization employs a designated security official that is responsible for implementing security policies and procedures? In addition, it is up to your organization to identify and mitigate security risks and vulnerabilities when it comes to accessing, handling, and storing personal health information.
Complaint Management
It also is up to your organization in accordance with HIPAA to have established procedures for individuals to follow should an individual want to submit a complaint regarding compliance. Your organization is required to identify to whom individuals can submit complaints and identify the procedure that is followed thereafter.
Record Retention Management
Did you know that HIPAA also requires that you—for at least 6 years—maintain records of privacy policies, dispositions of complaints, procedures, privacy practice notices, and any other activity that the Policy Rule requires to be documented? Storage of this information must be done securely and safely.
Technical
Audit Control
Your organization is required to provide procedural mechanisms along with hardware or software to contain ePHI, or electronic private health information. In accordance with HIPAA, this hardware/software must record and examine all activity of this information.
Access Control
Access of ePHI must be limited as well. Only authorized personnel within your organization should have access to it. Compliance guidelines dictate that your organization must utilize appropriate software like eFileCabinet for the storage and access control of this information to provide maximum security.
Integrity Control
What if your ePHI were to get altered, or even destroyed? HIPAA mandates that your organization show full compliance by implementing policies and procedures to prevent this from occurring with comprehensive integrity control mechanisms.
Transmission Security
As information is continuously being transmitted over an electric network, there is the possibility of a security breach without the right safeguards in place. Your organization is required to implement technical security measures such as eFileCabinet to prevent unauthorized access to any ePHI.
Physical
Facility Security
Physical access to your facility must also be managed and control. Only authorized personnel are to have access to highly secured electronic and paper private health information.
Workplace and Device Security
All workstations and devices are required to abide by the security standards put forth by HIPAA. The transfer, access, removal, and use of private health information must be regulated. Your organization is required to have policies and procedures in place to manage these processes efficiently and securely.
What Noncompliance Can Lead To
Failure to show compliance in any of the requirements can lead to severe consequences. In fact, noncompliance can lead to the enforcement of penalties. The severity of penalties can range greatly depending on the individual factors involved. Keep in mind that penalties cannot exceed an established calendar year cap for repeat violations of the same requirement.
In fact, criminal penalties can be issued to any person that knowingly obtains or discloses private health information. These criminal penalties, enforced by the Department of Justice, can range from $50,000 fines to up to 10 years of imprisonment.
It is vital that your organization maintains full compliance at all times. Not only can you face severe penalties for noncompliance, but you also risk the credibility and trust of your organization. eFileCabinet makes compliance simple for your organization with HIPAA-compliant software. Offering electronic document management along with guaranteed HIPAA compliance, eFileCabinet can help your organization ensure that your compliance is never in question.