All health care entities that process health-related data are required to comply with the U.S. Department of Health and Human Services' (HHS) Health Insurance Portability and Accountability Act of 1996 (HIPAA).
HIPAA is designed to standardize the way all health care organizations electronically exchange sensitive patient data and to protect patients from unauthorized disclosure of their medical records (whether paper or electronic).
HIPAA is a federal law that amended the Internal Revenue Code of 1986 and is intended to:
The ultimate goal of HIPAA is to increase the efficiency and effectiveness of health information systems through improvements in electronic health care transactions. It also aims to maintain the security and privacy of individually identifiable health information.
These goals help promote the modernization of health information systems. Industry analysts estimate that updating health information systems is about three to four times more difficult than Y2K remediation was. Becoming HIPAA compliant is more challenging because of extensive cross-departmental compliance and training requirements. Where Y2K centered on IT procedures and systems, HIPAA affects the entire organization. With Y2K, there was a fixed stop date by which IT professionals and organizations could determine whether their compliance efforts had succeeded. HIPAA is an ongoing administrative, privacy and security challenge that must be constantly addressed.
Under HIPAA, there are specific standards that all health care organizations are required to adhere to. These standards include an Administrative Simplification Title that is aimed at preventing health care fraud and abuse. Within this title, there are several laws and proposed standards including:
HIPAA's standards directly apply to the following groups of health care entities:
HIPAA's reach is quite broad. It impacts all health plans, clearinghouses and providers who electronically store and transmit health information. It covers all individually identifiable health information that is transmitted electronically or on paper. Current administrative processes are complex, inefficient and costly. There is a great opportunity for HIPAA to help a covered entity drive down high administrative costs and realize efficiencies, while not adversely affecting the quality of patient care.
Conversely, non-compliance with HIPAA regulations may cause disruptions in an organization's day-to-day business processes, resulting in both tangible and intangible costs. The most serious implications of HIPAA non-compliance for health care organizations include the inability to effectively conduct electronic business and the potential of losing significant segments of business.
The penalty for failure to comply with the regulations is up to $100 per violation per person, up to a maximum of $25,000 per year. The penalties for knowingly and wrongfully disclosing individually identifiable health information are:
Litmos Healthcare's HIPAA compliance online education program is the perfect fit for all healthcare organizations. To learn more, contact us at firstname.lastname@example.org or call 1.866.447.2211.