HIPAA Consulting


HIPAA Compliance

HIPAA is a comprehensive federal law enacted to:

- Protect the privacy of a patient's personal and health information
- Provide for electronic and physical security of personal and health information
- Standardize coding to simplify billing and other transactions

"Privacy" and "Security" are not even in the name of HIPAA, yet they present the biggest challenge under the law. Its standards address the use and disclosure of PHI, as well as individuals' privacy rights to understand and control how their PHI is used and shared.

- Examples that require a patient's authorization for disclosure of PHI include life insurance coverage, pre-employment physicals, lab tests, pharmaceutical firms, etc.
- A patient's authorization for disclosure of PHI is NOT required for treatment, payment, and health care operations.
- The Privacy Rule does not restrict the use or disclosure of de-identified health information.

Fundamental to HIPAA compliance: Conduct a Security Risk Analysis

- Although this can be done by office personnel, an independent security specialist (usually an IT group) may be more appropriate, depending on the size of the organization.
- It consists of two parts: a risk assessment and an IT assessment.
- The output includes a detailed report outlining the identified problems to fix.
- The Office of the National Coordinator for Health Information Technology (ONC) has an online tool designed to help physicians navigate the process of conducting a risk assessment.