The long-awaited HIPAA Compliance Security Rule has arrived.
Lack of compliance is a violation of Federal law.
Effective April 21, 2003, covered entities* (CEs) with receipts of more than $5 million have until April 21, 2005 for compliance.
CEs with receipts totaling less than $5 million will have until April 21, 2006, to become compliant.
* A CE (covered entity) is any health plan, health care clearinghouse, or health care provider who transmits or stores any protected health information in electronic form. Failure to comply carries penalties of up to $250,000 in fines and/or a jail term of ten years.
Requirements for HIPAA compliance involve the definition of how information is processed, exchanged and protected. Security Rule requirements are specific to the safeguards listed below.
Security Rule Requirements: Three categories for HIPAA Compliance:
- Administrative Safeguards
  - Documented policies of day-to-day operations.
  - Employee's relationship to protected health information.
  - Management of the selection and use of security controls.
- Physical Safeguards
  - A series of security implementations designed to protect a CE's data systems and physical facilities from natural threats and/or man-made intrusions.
- Technical Safeguards
  - A series of security measures that specify the use of technology to secure protected health information, especially the access to such data.
Security Rule Specifications: 42 Implementations for HIPAA Compliance
The Security Rule has 42 implementation specifications: 20 are required and 22 are addressable. The required specifications are mandatory: they MUST be implemented.
The addressable specifications can be handled in one of three ways:
- Implementing the addressable specification, if reasonable and appropriate.
- Implementing an alternative compensating control that upholds the standard.
- Implementing nothing if the specification is not reasonable and appropriate and the standard can still be met.
HIPAA Compliance Combats Waste and Fraud
Health Care Industry spending accounts for 14.3% of the country's Gross Domestic Product. Although it is the largest sector of the economy, it is also the least automated. The health care industry is overburdened with paperwork, leading to material waste and sometimes to fraud. In fact, a recent Deloitte & Touche study predicts that, if left unchecked, health care spending will reach 16% of the GDP, of which the government funds only about one-third.
The U.S. Department of Health and Human Services (HHS) estimates that becoming HIPAA compliant will yield savings of $30 billion over the next ten years. Widespread use of electronic transactions, eliminating inefficient paper forms, is just one way HIPAA compliance procedures stand to save the industry billions of dollars. It can save you money and time, too.
Time and Resource Intensive
The most important issue today is the Security Rule.
Becoming compliant is time and resource intensive. At ÜberGuard, we understand the serious business issues compliance involves. Current updates and expertise in security procedures are a must. These are the kind of updates and expertise ÜberGuard utilizes on a day-to-day basis. We keep you updated as needed, providing the right solutions to keep your data and your business secure.
To become compliant with the Security Rule NOW, call or write to us at:
Email: infosec@uberguard.com
Telephone: (585) 226-2635
Fax: (585) 226-9329
Mailing Address: ÜberGuard Information Security Consulting 91 Clinton St. Avon, NY 14414