The Business of IT
FEATURE
Feds Reach Out and Touch IT

  July 10, 2003
  By Sean Doherty



HIPAA

The Health Insurance Portability and Accountability Act of 1996 was developed as a two-step dance in health-care reform that puts the Centers for Medicare & Medicaid Services (CMS) in the lead, with the rest of the health-care industry to follow. And if anyone misses a step, the HHS Office of Civil Rights will bring them in line. HIPAA's primary aim is to improve the efficiency and effectiveness of the nation's health-care system and promote the widespread use of EDI in health care. But it would be difficult, if not impossible, to accomplish this without assurances that patient health information will be kept secure and private.

Title I of HIPAA protects health-insurance coverage for workers and their families. Title II deals with administrative simplification and puts HHS in charge of national standards for electronic health-care transactions and national identifiers for providers, health plans and employers. And for IT, it establishes regulations to ensure the security and privacy of electronic health-care information.

HIPAA applies to health plans, such as HMOs, Medicare and state Medicaid programs, and health-care clearinghouses that process electronic health-care information. Under the administrative simplification requirements, size does not matter. If a provider transmits, for example, health-care claims, eligibility and enrollment information, referral and authorizations for health care, or payment and remittance advice in electronic form, it is subject to the requirements.



[Figure: HIPAA in a Nutshell]

Final privacy rules for all but the smallest organizations went into effect on April 14, 2003. For the most part, the rules deal with notifying patients about their privacy rights, training employees to understand privacy procedures, and designating an individual who is responsible for adopting and implementing privacy procedures. But there are sections of the privacy rule that drive the security rules, particularly the definition of PHI and the requirement to secure patient records containing it.


If you define PHI as a patient medical record in any format, paper or electronic, you would not be wrong. But it can be more or less than that, depending on who collects it and what it contains. PHI is any health information collected by a covered entity that identifies an individual and relates to his or her physical or mental health condition, past, present and future. For IT, PHI does not lose its character when stored or transmitted in electronic format. This is true even where the covered entity contracts with third-party business associates to perform essential functions.

HIPAA does not give HHS authority to regulate other types of private businesses or public agencies, outside of the health-care industry. For example, the regulations do not apply to employers, life-insurance companies or some public agencies that deliver government benefits, like Social Security and welfare. Note also that electronic media does not include paper-to-paper facsimile equipment or voice-to-voice telephones. Videoconferencing and voicemail systems also are excluded because these technologies are secure point-to-point transmissions with privacy protections in federal and state wiretap laws.

Under the privacy rules, covered entities must implement policies and procedures to safeguard PHI in any format, paper or electronic. As with GLBA, policies and procedures can take into account the size of the enterprise and the types of activities that relate to PHI. For example, a pharmacy will have different privacy policies and procedures than a doctor's office. The policies can be in written or electronic form. Communications between patients and covered entities--such as authorizations to access patient records and requests for records--also can be kept in written or electronic form. These records must be retained for possible retrieval for a period of six years. Here, IT can reduce a paper log to electronic form to facilitate access and reduce storage costs.

When you dig further into the privacy rules you hit a conduit in Section 164.530. There, entities must implement appropriate administrative, technical and physical safeguards to protect PHI. Further, they must guard from any intentional or unintentional use or disclosure of PHI. This opens the door to the security rules where entities must ensure the confidentiality, integrity and availability of all electronic PHI they create, receive, maintain or transmit.

