What Is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act and is a U.S. federal law enacted in 1996 as an attempt at incremental healthcare reform. It was subsequently revised in 2009 with the ARRA/HITECH Act and again in 2013 with the Omnibus Rule.
HIPAA’s intent was to reform the healthcare industry by reducing costs, simplifying administrative processes and burdens, and improving the privacy and security of patients’ health information. Today HIPAA compliance mainly revolves around the last item: protecting the privacy and security of patients’ health information.
Modax offers a full range of HIPAA compliance products from training and certification for an individual to full HIPAA compliance for organizations. We specialize in helping individuals and small to midsize organizations get HIPAA compliant in the most affordable, fastest, and easiest way possible.
Who Needs To Comply With HIPAA?
Any organization or person who works in or with the healthcare industry or who has access to protected health information.
- Medical billing & collection companies
- Medical answering services
- IT Service and hosting companies
- Software companies
- Marketing companies
- Medical device companies
- Pharmaceutical companies
- Transcription companies
- Medical interpreters
- Any business that works in the healthcare industry
Employer Group Health Plans
- HR Benefits Staff
- Self Insured Employer Group Health Plans
- Fully Insured Employer Group Health Plans
Health Insurance Companies
- Health Insurance providers
- Vision Insurance providers
- Dental Insurance providers
- Prescription Drug Insurance providers
- Medical offices
- Dental offices
- Mental and behavioral health professionals
- Nursing homes
- Urgent care centers
- Durable medical equipment providers
- Medical and healthcare personnel
HIPAA Compliance For An Organization
HIPAA compliance for an organization revolves around protecting the privacy and security of Protected Health Information (PHI) that the organization has or will have access to. PHI is any information that can be connected to an individual’s health condition.
Organizations looking to comply with the HIPAA regulations first have to determine which regulations they have to comply with.
There are two distinct and separate regulations under HIPAA:
1. HIPAA Privacy
Safeguards for keeping protected health information safe from a people, administrative, and contractual standpoint
2. HIPAA Security
Safeguards for keeping protected health information specifically in electronic form (computers, networks, email, software, electronic transmissions, etc) safe from disasters, hackers, and electronic theft.
*All organizations are required to comply with the HIPAA Privacy regulations, since Privacy involves safeguards from a people standpoint, but only those who store or transmit protected health information electronically are required to comply with the HIPAA Security regulations which is meant to protect electronic data. Once you know which regulations you need to comply with, then it is just a matter of knowing what you need to do to comply.
What Is Involved In Becoming HIPAA Compliant?
There are 3 Parts to becoming HIPAA Compliant.
- Providing a HIPAA Awareness Training to all employees of the organization that have access to PHI
- Implementing formal documents and controls for the organization to protect and safeguard PHI
- Training of a compliance officer (someone in the organization that is going to take responsibility for HIPAA at your organization)