HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT

Caution!
Visiting this web site requires a newer version of Netscape Communicator.

Visit Microsoft's Web site to obtain the newest version of Internet Explorer, or visit Netscape's Web site to obtain the newest version of Netscape Communicator.

Visiting this web site without first upgrading your browser may result in unreliable behavior.

HIPAA Position Paper: Overview

The administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) require the Department of Health and Human Services to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addresses the security and privacy of health data. Adopting these standards will improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in health care.

As the country moves towards its goal of a National Health Information Infrastructure (NHII), and greater use of electronic health records, protecting the confidentiality, integrity, and availability of EPHI (Electronic Protected Health Information) becomes even more critical. The security standards in HIPAA were developed for two primary purposes. First, and foremost, the implementation of appropriate security safeguards to protect certain electronic health care information that may be at risk. Second, protecting an individual's health information, while permitting the appropriateness and use of that information, ultimately promotes the use of electronic health information in the industry - an important goal of HIPAA.

The Privacy Rule sets the standards for, amoung other things, who may have access to PHI (Protected Health Information), while the Security Rule sets the standards for ensuring that only those who should have acces to EPHI will actually have access.

Electronic vs. oral and paper: It is important to note that the Privacy Rule applies to all forms of patients' protected health information, whether electronic, written, or oral. In contrast, the Security Rules covers only protected health information that is in electronic form. This includes EPHI that is created, received, maintained or transmitted. For example, EPHI may be transmitted over the internet, stored on a computer, CD, a disk, magnetic tape, or other related means. The Security Rules does not cover PHI (Protected Health Information) that is transmitted or stored on paper or provided orally.

Supporting compliance for HIPAA

How s i m p l e i s u s supports compliance for HIPAA

s i m p l e i s u s (as released in version 1.0) does not support transmission of any health information in electronic form. It is designed to mechanize the documentation of clinical records and capture data entries which are used to calculate billing. It also summarizes the information and sets up the presentation for printing to paper (hard copy) on a standardized form. Since the program does not support the billing forms to be electronically transmitted, the program is not coded with Electronic Health Care Transactions and Code Set Standards. But any PHI that is in any electronic form (stored on a computer's hard drive, a disk, magnetic tape, memory stick, etc.) must be in compliance with the Security Rule (only those who should have access, actually have access) because it now is considered EPHI.

HIPAA compliance is at the forefront of our business design. s i m p l e i s u s has an ongoing commitment to ensure that we build features into our program that will allow our clients to gain and maintain compliance with the Privacy and Security rules. We have implemented enhancements to facilitate support for the user in maintaining the privacy of patient data and the security of access only by the authorized user/users.

Included in each program are reminders about the safeguards and security measures that the user should take with their computer/workstation that houses EPHI.

Our reminders include the following:

Protect computer 's operating system with antivirus program and other software which helps to reduce the ability to be spied on.
Enable password protection on your computer/workstation.
Position your computer/workstation to only allow viewing by authorized individuals.
Log off before leaving your computer/workstation.
Remove risk of theft by protecting and safeguarding your computer.
Backup your EPHI by creating a retrievable, exact copy.
Electronic media containing EPHI (CD, disk, memory stick, etc.) should be protected and stored in a locked and secured location.
Dispose of EPHI from your computer,if you give it away or sell it, by backing up the files and uninstalling the program.
Dispose of electronic media that contains protected health information by degaussing or physically destroying when no longer needed.

Summary

s i m p l e i s u s is sensitive to the HIPAA concerns of our clients, and will continue to take all precautions to ensure we meet your needs to maintain compliance. This includes client education and features in the program that support rules of privacy and security of EPHI.

Responsibility of full compliance, however, will remain with you. Please provide feedback on areas where we may be of assistance.

See link below and also LINKS section for Web Links to help with your HIPAA concerns and questions.

http://www.hipaa.org/

Simple Early Intervention Software User Solutions
Barrilleaux & Associates, LLC
Phone 985-878-3695 (voice mail)
56405 Currier Lane
Loranger, Louisiana 70446-2743

simpleisus@hughes.net