HIPAA - HITECH
- Breach Notification
- Enforcement & Penalties
- Business Associate Liability
- PHI Privacy Practices
- Cloud based EHR
*Medical codes such as ICD-9, NDC, SNOMED CT, HCPCS are covered.
On August 21, 1996, HIPAA was created as an amendment to the Internal Revenue Service Code of 1986. HIPAA stands for Health Insurance Portability & Accountability Act, and is also known as the Kennedy-Kassebaum Act. The purpose of HIPAA is to standardize electronic patient health administrative and financial data, ensure unique health identifiers for individuals, employers, health plans and health care providers, and to guarantee security standards that protect the confidentiality and integrity of individually identifiable health information, past, present or future.
The HITECH Act, devised by Congress primarily to address electronic medical records, is notable for adding a tough data-breach notification requirement to the long list of existing Health Insurance Portability and Accountability Act (HIPAA) requirements.
Like HIPAA, the HITECH Act covers healthcare providers, insurers, clearinghouses and also business associates handling personal information about patient health, as well as other protected information, including name, Social Security number, address and insurance account numbers.
Basic rules on HIPAA compliance:
GTB Technologies' HIPAA & HITECH ACT compliance solution:
Virtually all healthcare organizations are subject to HIPAA compliance, including all healthcare providers, health plans, public health authorities, healthcare clearinghouses, and self-insured employers, as well as life insurers, information systems vendors, various service organizations, and universities. Those not compliant with HIPAA face fines up to $250K and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information, and fines up to $25K for multiple violations of the same standard in a calendar year.