
How HIPAA Law Affects Technology


    History

    • The federal law entitled the Health Insurance Portability and Accountability Act of 1996, also known as "HIPAA", mandates how a patient's health information is utilized. The aim of the law is to protect patients' health data against misuse. The catalyst for HIPAA emerged after insurance companies and other health care entities started utilizing accessible health data to select low-risk individuals for insurance coverage, essentially cherry-picking the best candidates to minimize the health insurer's risk. Consequently, Congress sought to eliminate this practice. Thus, HIPAA was enacted.

    HIPAA Standards and Requirements

    • Pursuant to HIPAA, patient health data must be protected. The data covered by the definition includes, but is not limited to, a patient's record of doctor visits, medical tests, diagnostic reports and other related information. In addition, HIPAA applies to both oral and written information. As a result, the electronic storage and exchange of patient medical information is protected by HIPAA. This electronic storage and exchange of material impacts technology, because the information must be safeguarded.

    HIPAA and Technology

    • Primarily, computer storage and exchange of information is the area where HIPAA intersects with technology. Any time a computer stores patient information, the computer must have HIPAA precautions. For instance, the computer should only be accessible by certain persons who have a special access code and/or password to utilize the computer. Also, when a computer is not in use, it should be locked and the screen must be inaccessible to unauthorized persons. Furthermore, monitors and screens should be turned away from the public to prevent anyone from seeing private medical information.
      Furthermore, special computer servers should be utilized to store private patient information. There should also be special firewall programs and other safety software installed on the computers like virus protection. These protections must be available on any computer that is used to store and/or exchange patient medical information.
      HIPAA also impacts the use of fax machines and computer printers. Any time patient information is exchanged via facsimile, there must be redaction of confidential information or a limitation on who will access the incoming faxes. The same issue must also be addressed with the use of computer printers. In other words, the printer must be accessible only by authorized personnel.

    HIPAA's Specific Technology Mandates

    • The HIPAA law also contains specific mandates with respect to technology issues. Ultimately, this area is referred to as HIPAA "compliance." Specifically, the HIPAA law indicates that there must be internal controls which apply to introducing new hardware and software into the computer network of the medical provider.
      HIPAA regulations also state that there must be a disaster recovery plan and a special back-up program on network computers to recover patient data in the event of a disaster.
      HIPAA regulations require encryption of any data that is sent to outside entities and the authentication of data flowing outside of the health care provider's network. Authentication of data is another requirement for HIPAA compliance and includes the recording of who is accessing the data and for what purpose.

    HIPAA Enforcement

    • HIPAA is enforced and regulated by the United States Department of Health and Human Services. This agency is authorized to investigate and enforce HIPAA. In the event that a HIPAA law may be violated, the potential violation may be submitted in writing to the agency. Thereafter, the agency will investigate the matter and assess whether a violation may have occurred. In the event that a HIPAA violation has in fact occurred, the violator may be assessed substantial sums of money. In addition, these amounts can quickly escalate, as HIPAA allows the fines to be based upon each and every violation. Therefore, if a computer system is not HIPAA compliant, the violator has the potential to be fined for violating the HIPAA law for each patient record. Thus, it is important for a health care provider to take any and all steps necessary to comply with HIPAA.
