Healthcare and insurance providers need to understand the HIPAA compliance requirements for paper and electronic health records management. Let Access help.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 specifies a series of administrative, physical and technical safeguards to assure the confidentiality, integrity and availability of protected health information (PHI). Individuals, organizations and agencies that meet the definition of a covered entity must comply with its rules to protect the privacy and security of all patient information. Any breach of confidentiality, such as improperly discarded documents, must be reported to the authorities and, in cases involving over 500 records, to local media as well.
Under HIPAA law, every healthcare provider, including doctors, clinics, psychologists, dentists, chiropractors, nursing homes, pharmacies and insurance providers, is required to prevent unauthorized access to PHI at all times. PHI consists of any information about a patient, such as:
- A diagnosis
- Treatment information
- Billing invoices
Small or large, medical organizations benefit greatly from the protection, regulatory compliance and indemnification offered by Access’s document destruction services. Employees are busy at their jobs and often overlook the importance of taking the time to shred patient-related data. However, an improperly discarded document could lead to heavy regulatory fines, lawsuits and the loss of community trust.
But is it only medical organizations that should worry about HIPAA?
No. In addition to the healthcare industries, HIPAA also affects those providing certain information or services to or for healthcare providers, for example, a company that performs medical billing or other services involving PHI.
What is HITECH?
In 2009, Congress passed a law that greatly increased the security and enforcement capabilities of HIPAA, known as the Health Information Technology for Economic and Clinical Health (HITECH) Act.
The following is a partial list of the requirements improved by HITECH:
- Health data breach notification improvements require healthcare providers to notify patients and local authorities when there has been a potential data breach.
- New training programs educate the State Attorneys General about how to enforce HIPAA laws and the methods to collect and retain fines incurred from violators.
- Maximum fines for violations were increased from $25,000 to $1.5 million, a 6,000% increase from HIPAA’s initial rulings.
Access Records Management Can Help Your Company Stay Compliant
At Access, we provide customers with the highest levels of privacy and security concerning their confidential information. We closely follow any new developments and regulations emerging from HIPAA and will quickly implement and update our own procedures to assure that our clients continually meet the compliance requirements of the Act.