HIPAA
The Health Insurance Portability & Accountability Act (HIPAA) of 1996 was the result of efforts by the Clinton Administration and congressional healthcare reform proponents to improve healthcare. The goals of HIPAA are to streamline healthcare industry inefficiencies, reduce paperwork, ease fraud and abuse detection and prosecution, and enable all full-time employees to change jobs and qualify for insurance, even if they (or family members) had pre-existing medical conditions. The final ruling for adopting HIPAA standards for the security of electronic health information was published in the Federal Register on February 20, 2003.
HIPAA Security Requirements
One key element of HIPAA is the documentation of clear policies and procedures surrounding the protection of healthcare information privacy, as auditors will be closely reviewing this requirement. Highlights of the security requirements include:
- Audit Controls – Put in place audit control mechanisms to record and examine system activity so that the organization can identify suspect data access activities, assess its security program, and respond to potential weaknesses.
- Authorization Control – Provide a mechanism for obtaining consent for the use and disclosure of health information, so that such information is used only by properly authorized individuals.
- Data Authentication – Provide verification that data in your possession has not been altered or destroyed in an unauthorized manner. Examples of how data corroboration may be ensured include the use of a checksum, double-keying, a message authentication code, or a digital signature.
- Entity Authentication – An organization must be able to confirm the identity of an outside entity. Authentication also can prevent improper identification of an entity that is accessing secure data. Features include passwords, PINs, and token or biometric authentication.
Naviant's enterprise content management solutions can assist a healthcare organization in the support of HIPAA privacy compliance.
HIPAA Compliance Solutions
