Mar
17
April 21: Deadline for Small Health Plans to Comply with HIPAA
Filed Under HIPAA, HIPAA (General), HIPAA Compliance, HIPAA Security | Leave a Comment
The deadline is looming, according to Business & Legal Reports:
The deadline for small [health] plans to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) security standards is drawing near. The security standards are a corollary to the HIPAA Privacy Rule, which created national standards to protect individuals’ medical records and other personal health information and give to patients more control over their health information.
[...]
HIPAA’s security standards specify a series of administrative, technical, and physical security procedures for covered entities to use to ensure the confidentiality, integrity, and availability of PHI in electronic format. The security standards for all but small plans had to be in place by April 25, 2005. Small plans have until April 21, 2006, to comply. A small health plan is defined as a plan with annual receipts of $5 million or less. (Group health plans with fewer than 50 participants and that are administered by the employer are exempt from the HIPAA privacy, electronic transaction, and security standards.)
The standards require covered entities to implement basic safeguards to protect electronic PHI from unauthorized access, alteration, deletion, and transmission. The various standards may have either required or addressable implementation specifications.
Mar
17
Database Plan Needs to Extend HIPPA
Filed Under HIPAA, HIPAA (General), HIPAA Enforcement, HIPAA News, HIPAA Regulation, Medical Privacy, Privacy News | Leave a Comment
A Congressional health subcommittee heard testimony on plans to develop a new medical information database in the United States, and experts said a new federal privacy law would be needed to expand HIPPA to cover the database, according to a story by UPI.
HIPPA covers breaches of health privacy by health plans and providers, but doesn’t say anything about other people who might access medical information such as medical transcribers hired by doctors or even hackers.
A new federal law would have to make sharing medical information a crime for anyone with access to that information. Experts urged that passing of a law to cover the database before that system is put in place, instead of trying to write a law to fit the new technology once it is already in place.
Right now there is a patchwork of state laws covering the privacy of medical records in addition to HIPPA. About 17,000 claims have been filed under HIPPA, but action has only been taken against one company.
Privacy advocates warn that a law that does not give patients the right of consent to say who can and cannot access their records will quickly erode the patients’ right to privacy. The right of consent was removed from HIPPA in 2002.
H.R. 4157 in Congress would establish a nationwide health infrastructure. It is much more complicated than the current system for tracking patient records and, as such, Blue Cross and Blue Shield has said the timetable for implementing the system as outlined in the bill is too ambitious.
For more on the bill before Congress, visit Thomas.