HIPAA Compliance Guide

[Image caption] NELLIS AIR FORCE BASE, Nev. -- The 414th Combat Training Squadron recently added the cyber domain to its Red Flag exercise to better prepare U.S. and allied air forces to defend against threats of the 21st century. Red Flag 13-3 is the first Red Flag exercise to extensively incorporate adversaries in all three domains of air, space and cyberspace simultaneously. (U.S. Air Force graphic by Master Sgt. Jason W. Edwards)

Using a HIPAA compliance guide will help your organization and its business associates gain a proper understanding of the requirements of the Health Insurance Portability and Accountability Act (HIPAA).

It is vital that all obligations under HIPAA are understood and that policies and processes are introduced covering each implementation specification stated in 45 CFR Parts 160, 162, and 164. If an organization does not comply with all of the requirements of HIPAA, and the non-compliance is uncovered by regulators, substantial fines can be imposed. The highest financial penalty is $1.5 million per violation category.

The HIPAA Administrative Simplification Rules

HIPAA was introduced to enhance the efficiency and effectiveness of the healthcare system in the United States. The four main aims of HIPAA are insurance portability, administrative simplification, health information privacy, and the security of electronic healthcare records.

The combined text of the HIPAA Administrative Simplification Regulations adds up to 115 pages. HIPAA ensures that individuals are able to retain existing insurance coverage while they are between jobs. HIPAA also requires certain code sets, transaction standards, and identifier standards to be implemented to simplify the administration of healthcare and reduce the clerical burden on healthcare organizations.

The HIPAA Privacy Rule establishes national standards which must be implemented by three main types of healthcare organization: healthcare providers, health plans, and healthcare clearinghouses that complete healthcare transactions electronically. The Privacy Rule standards help ensure that the privacy of patients and insured individuals is safeguarded.

The HIPAA Security Rule establishes standards to ensure the confidentiality, integrity, and availability of protected health information. The Security Rule requires that security measures be put in place to keep electronic protected health information secure at all times and guarded against unauthorized access.

The HIPAA Breach Notification Rule establishes standards for reporting security breaches in which healthcare information has been viewed by or disclosed to unauthorized individuals, or has otherwise been exposed.

The HIPAA Administrative Simplification Regulations also incorporate the Enforcement Rule, which establishes standards for the enforcement of compliance with HIPAA Rules.

HIPAA was amended by the final Omnibus Rule in 2013, which incorporated many provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act to enhance privacy and security protections for electronic health data.

In addition to applying to healthcare providers, health plans, and healthcare clearinghouses, HIPAA places obligations on the business associates of those entities, which must adhere to specific aspects of the HIPAA Rules.

Advantages of Using a HIPAA Compliance Guide

HIPAA may simplify the administration of healthcare, but compliance is far from straightforward. The text of HIPAA can be difficult to understand, several parts of it can be interpreted in different ways, and changes in technology over the years have added to the confusion.

The aim of a HIPAA compliance guide is to review all of the required elements of HIPAA, explain each element in more detail, and provide guidance and context so that HIPAA-covered organizations and their business associates can make sense of the requirements of HIPAA.
