Are You HIPAA Compliant?

HIPAA is here, but not all is bad news. The Health Insurance Portability and Accountability Act (HIPAA), also called the Kennedy-Kassebaum Act, mandates that healthcare providers must assure their customers (such as patients, insured, providers and healthcare plans) that the recoverability, confidentiality and privacy of healthcare information they electronically collect, maintain, use or transmit is secure.

HIPAA sets standards for a broad range of health-care practices. Among them:

Electronic commerce
Unique health identifiers
Transaction codes
Electronic signatures
Security/privacy practices for health information
Business Continuity Plans

One of HIPAA’s goals is administrative simplification, which requires the standardization of Electronic Data Interchange (EDI) transactions. EDI standardization offers healthcare organizations genuine and significant cost savings. The workgroup for EDI estimates that standardized EDI transactions will save healthcare providers $9 billion annually. Overall, the healthcare industry could save $26 billion annually. If the industry used the standards already in place, it would be saving $125 million per week now!

Another HIPAA requirement is maintaining the privacy and security of patient records. Are your patient records secure? You need to examine your administrative procedures, physical safeguards, technical data services, and technical security mechanisms.

The impact on the industry is the cost of upgrading or replacing hardware, software, and networks to become compliant with EDI requirements. For most healthcare organizations, this will mean using information technology consultants such as StoneHenge Partners.