In addition, PHI in electronic form is subject to HIPAA's security requirements. When individually identifiable health information is created or received by a HIPAA covered entity (or a business associate acting on a covered entity's behalf) it becomes PHI that is subject to HIPAA's privacy requirements. Relates to an individual's past, present, or future physical or mental health condition, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to the individual.
Health care clearinghouses, which are companies that process non-standard health information they receive from another entity into a standard electronic format (or vice versa).Health care providers that transmit health information in electronic form, including most doctors, clinics, hospitals, therapists, chiropractors, nursing homes, pharmacies, and dentists.Health plans, which include employer-sponsored group health plans, health insurance companies, health maintenance organizations (HMOs), and certain government programs that pay for health care (for example, Medicare and Medicaid).
HIPAA's requirements also apply to organizations that perform services for HIPAA covered entities – known as "business associates." Covered entities can disclose PHI to their business associates only if the covered entities obtain certain assurances (through a contractual agreement) that the business associate will appropriately protect the PHI.Ĭovered entities are defined as the following HIPAA's requirements apply directly to "covered entities," which are defined as health plans, health care providers that carry out certain kinds of transactions electronically, and health care clearinghouses. In 2013, HHS issued comprehensive regulations that updated HIPAA's privacy, security, and enforcement rules to reflect the HITECH Act. In 2010, the Affordable Care Act (ACA) made significant changes affecting HIPAA's portability requirements. For example, in 2009 the Health Information Technology for Economic and Clinical Health (HITECH) Act added breach notification requirements for covered entities and expanded how HIPAA's privacy and security requirements apply to business associates. The HIPAA statute has been amended over the years and has been the topic of numerous sets of implementing regulations and related guidance. In general, HIPAA's portability requirements were intended to promote greater continuity of health plan coverage, while its privacy and security rules govern how individuals' health information (referred to as "protected health information" (PHI)) is used and disclosed. Department of Health and Human Services (HHS) was tasked with issuing regulations to implement the statute. The law was passed by Congress and signed by President Bill Clinton in 1996. Price is based on the number of employees and is for 1 year access and may be renewed at the then current price.HIPAA's origins date to the early 1990s as medical records first began being transmitted in electronic form. Recommended for practices who have already done a Risk Analysis and developed all the required written HIPAA security policies and procedures in accordance with the Risk Analysis results but still need an easy, cost-effective training program for employees. HIPAA Training Only – Access to on-line videos for new employee and annual employee training on HIPAA privacy and security rules. Access to training programs and portal is for 1 year and may be renewed each year for the then current price. Cost is based on the number of employees in the practice.
It is recommended for practices that have made changes to their systems or added new vendors/business associates resulting in a need to do another Risk Analysis or practices that update their Risk Analysis annually. This package is essential for a practice that has not done a risk analysis and/or does not have written policies and procedures to address the 38 Required and Addressable Security Rule Safeguards. HIPAA required Risk Analysis, Customized Policies and Procedures and Employee Training. Essential +Policies Compliance Package – Includes all services described above.