Breaking down the rules into steps makes HIPAA compliance less complicated

HIPAA compliance is a legal requirement for Business Associates and Covered Entities. The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 with two main intentions:

o  To enable employees to keep their insurance intact when they switched jobs or their insurance provider

o  To facilitate the payment and information process by putting in place a uniform code for these.

From its start, up to 2013, HIPAA has undergone a few changes, such as:

o  The privacy regulation additions of 2003;

o  The insertion of the HIPAA Security Rule in 2005;

o  The passage of the HITECH Act in 2009, and

o  The addition of the Omnibus Rule in 2013, with the intention of extending liability to Business Associates

With the insertion of these additions, HIPAA compliance has become more and more demanding and complex, or at least that is what most entities who are required to comply with it feel. Most Business Associates and Covered Entities have issues with the following areas of HIPAA compliance:

–       The 18 identifiers that Protected Health Information (PHI) consists of; with the name, full face photos, e-mail address, and date of birth of the patients being some of their constituents

–       The requirement of designation, by every organization or practice, of a privacy officer, who has to carry out a risk analysis

–       The requirement, as part of HIPAA compliance, of covered health care providers and health plans, of developing and distributing a notice, in which the privacy rights and practices relating to patients’ personal health information have to be clearly explained.

Despite these requirements, HIPAA compliance is not as difficult as it seems

The reality, however, is different. HIPAA compliance is not as complicated and difficult as it is thought to be. At first glance, these requirements may appear to be intimidating. Yet, when it comes to practical application, HIPAA compliance is not really all that cumbersome or difficult. All that is needed is a clear-cut understanding and explanation of the major sections on compliance.

This clear-cut understanding of the major sections on which many Covered Entities and their Business Associates face difficulties is the intention of a seminar that is being organized by GlobalCompliancePanel, a leading provider of professional trainings for the areas of regulatory compliance.

At this detailed two-day seminar, Paul Hales, an attorney at law in St. Louis, Missouri who specializes in HIPAA Privacy and Security Rules, will be the Director. All that is needed to gain a thorough understanding of the perspectives Paul will offer on HIPAA compliance is to register for this seminar by visiting http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900798?linkedin-SEO .

What makes this seminar a valuable learning session is that Paul will explain, in simple and plain language, the contents of HIPAA compliance. He will demystify the tricky areas of HIPAA compliance and offer clarity of understanding of these, and will crystallize them into six easy steps.

Paul will drive home the point that HIPAA compliance becomes easier when its seemingly difficult requirements are broken down into steps. He will suggest six steps that organizations can take to make HIPAA compliance easier.

He will pack the seminar with visual presentations, interactive discussions and stimulating questions and answer sessions. He will also show how to find the right rule with the six step-by-step procedures he will lay down.

Takeaways at this important seminar on HIPAA compliance

Paul will offer these following key takeaways at this highly valuable seminar:

·        Thorough Understanding of HIPAA Rules

  • What they are
  • How they work together
  • Why and How they were made
  • How they are changing and what to expect next

·        HIPAA Risk Analysis – Risk Management for Your Organization

  • A Practical Guided Exercise done in class on your computer to take home

·        Privacy and Security Rules – Permitted and Required Uses and Disclosures

  • What information must be protected
  • Administrative, Technical and Physical Safeguards
  • Social Media, Texting and Emailing Patients

·        The inter-connected, inter-dependent relationship of Covered Entities and Business Associates

·        What is, and what is not a Reportable Breach of Unsecured PHI

http://www.fertilitybridge.com/blog/hipaaandsocialmediawithpaulhales

HIPAA Security Rule Principles

Though short in length,HIPAA Security Rule principles are well defined in some areas, but vague in some others, making implementation of these areas difficult.

HIPAA Security Rules are an offshoot of the Privacy Rule. While Privacy Rule concerns itself with Protected Health Information (PHI) in general, the HIPAA Security Rule (SR) concerns itself specifically with electronic Protected Health Information (ePHI). Since it particularly focuses on an element of the Privacy Rule; it is considered a subset of the HIPAA Privacy Rule.

The HIPAA Security Rule seeks to fortify individually identifiable health information with reasonably high levels of technical, administrative and physical safeguards so that these attributes are protected and unauthorized or inappropriate access, use, or disclosure prevented:

  • Confidentiality
  • Integrity, and
  • Availability.

To enable this, the HIPAA Security Rule codifies a few standards and best practices in information technology. In a general sense, the HIPAA Security Rule requires computer systems containing patient health implementation to implement these three safeguards:

  • Administrative,
  • Physical, and
  • Technical.

It has clear definitions of each component relating to its specifications. Some of the terms on which the HIPAA Security Rule is unambiguously clear are:

Challenges associated with implementing HIPAA Security Rule

Despite the clarity of definitions of a few terms as stated above; the HIPAA security rule is considered complicated by practitioners and participants in the Rule. Although not a very painfully long document in that it runs into only eight pages; because of the high technical nature of its text, it is considered quite complex.

A major requirement that the HIPAA Security Rule imposes is a set of additional organizational requirements, apart from documenting processes that are in tune with the HIPAA Privacy Rule. This is easier said than done, especially for small time providers that have limited technical bandwidth and capabilities, for whom implementing the Privacy Rule itself can be challenging. The solution is to make Health information technology (HIT) resources available for this kind of providers.

Further, this Rule has some ambiguities. For instance, its fundamental requirement is implementation of “necessary safeguards”. There is no unanimity about what this means.

Want to know more : http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900739SEMINAR?wordpress-SEO