HIPAA – What and Why?
HIPAA stands for the Health Insurance Portability and Accountability Act. President Bill Clinton signed it into law on August 21, 1996. The legislation sets out security and data privacy provisions to keep patients' medical information safe. The act contains five titles, or segments, altogether:
- Title I protects health insurance coverage for people who have switched or lost their jobs. It stops group health programs from denying coverage to people who have pre-existing diseases or ailments, and from putting limits on lifetime coverage.
- Title II directs the United States Department of Health and Human Services (HHS) to standardize the processing of electronic healthcare transactions nationwide. It requires organizations to implement safe electronic access to patients’ health data while adhering to the privacy regulations established by the HHS.
- Title III pertains to tax-related provisions and general guidelines for medical care.
- Title IV establishes a reform of health insurance. It includes provisions for people who have pre-existing diseases or ailments and for people who are looking for continuous coverage.
- Title V comprises provisions on company-owned insurance and on the treatment, for income tax purposes, of people who lost their citizenship.
For IT, HIPAA compliance means adhering to Title II, also called the ‘Administrative Simplification’ provisions. It involves meeting the following HIPAA compliance requirements:
- National Provider Identifier Standard: Every healthcare entity must have a unique 10-digit provider identifier code, called its NPI (National Provider Identifier). These healthcare entities include employers, individuals, healthcare providers, and health plans.
- Transactions and Code Set Standards: Organizations must follow a standard mechanism for EDI (electronic data interchange) when processing or submitting insurance claims.
- HIPAA Privacy Rule: This rule establishes national standards that safeguard patients’ health information. It ensures the safety of identifiable information.
- HIPAA Security Rule: This rule establishes criteria for patients’ data security.
- HIPAA Enforcement Rule: This rule specifies the guidelines for investigating violations of HIPAA.
In 2013, HHS issued the HIPAA Omnibus Rule to make a few revisions to the previous version, in line with guidelines set in 2009 by the HITECH Act. The rule pertains to the duties of business associates of covered entities. It also modifies the penalties for violations of HIPAA compliance, increasing them to a limit of $1.5 million per incident.
HIPAA violations can be very expensive for a healthcare organization. The Breach Notification Rule, formed in the Omnibus Rule, instructs covered entities and their business associates to inform patients following a data breach. Along with these costs, there might be fines. Organizations may face penalties after audits by the Office of Civil Rights (OCR). Providers may even face criminal charges for violating these rules.
Organizations can reduce the chance of regulatory action by taking part in training programs for HIPAA compliance. The OCR offers six programs in total, which aim to teach employees about security and privacy regulations. Several other training groups and consultancies provide programs as well, and providers may even create their own. These programs may cover other areas, such as existing HIPAA policies, the HITECH Act and management processes for mobile devices, and other specific application guidelines.
There are no official certification programs for HIPAA compliance, but several training companies issue certificates and credentials. These indicate awareness of the guidelines and regulations that the act covers.