HIPAA Compliance
Health Insurance Portability and Accountability Act enacted by the U.S. Congress in 1996.
A group of regulations that combat waste, fraud, and abuse in health care delivery and health insurance.
Title II of HIPAA, the Administrative Simplification (AS) provisions, addresses the security and privacy of health data.
IBM i Complying with HIPAA
Institute a required level of security for health information, including limiting disclosures of information to the minimum required for the activity.
- Designate a privacy officer and contact person
- Establish privacy and disclosure policies to comply with HIPAA
- Train employees on privacy policies
- Establish administrative systems in relation to the health information that can respond to complaints, respond to requests for corrections of health information by a patient, accept requests not to disclose for certain purposes, track disclosures of health information
- Establish sanctions for employees who violate privacy policies
- Issue a privacy notice to patients concerning the use and disclosure of their protected health information
- Establish a process through an IRB (or privacy board) for a HIPAA review of research protocols.
- As a health care provider, include consent for disclosures for treatment, payment, and health care operations in treatment consent form.