Updating hipaa policies and procedures

Specifically, the Final Privacy Regulation contains requirements for "Business Associate Agreements." These are agreements between certain third parties and covered entities intended to ensure the privacy of any protected health information that is disclosed to or utilized by third parties on behalf of the covered entity, under certain circumstances.

Business Associate Agreements must establish permitted uses of Protected Health Information (PHI) and must contain provisions ensuring that a third party business entity will employ appropriate safeguards to prevent use or disclosure of this information except as authorized by the agreement.

updating hipaa policies and procedures-61

In some instances, providers may require separate releases for mental health records. Granted, there were questions about the current address of the man since it was not listed on his identification, but somehow the hospital was able to forward a bill for services to the right address.

When asked why they had not notified the family, hospital authorities cited federal confidentiality regulations as preventing them from doing so.

Accordingly, the covered entity must be satisfied that the third parties involved in electronic information exchange are employing adequate, appropriate, and necessary technical, physical and administrative measures.

Information in this format must be encrypted or protected in a some manner to prevent inadvertent disclosure and thus exposure to liability by the third party or the covered entity itself.

Similarly, the Proposed Security Regulation requires covered entities to maintain agreements—Chain of Trust Agreements—to ensure the security of protected information exchanged electronically.

These agreements are intended to ensure that information remains secure at every point of an electronic transmission. Many covered entities are seeking—or should be seeking—assistance in attempting to improve upon areas in which HIPAA has created conflicts, such as in disclosure of information to patient families and to insurance companies. Responses Still Needed by Covered Entities The delayed reaction to the impending regulatory requirements seems indicative of a significant lack of understanding regarding HIPAA’s impact on health care delivery as well as a misconception surrounding the effects that these regulations will have on the health care industry and patients. Next, future initiatives having HIPAA implications will be presented. HIPAA defines a covered entity as a health plan; a health care provider, specifically a provider who conducts certain financial and administrative transactions electronically, (e.g., billing, funds transfer, and/or insurance claims); or a health care clearing house. The provider can be liable for both civil and criminal penalties of up to 0,000. In conclusion, the need for all covered entities and their personnel to look broadly at HIPAA as initiating a new way of work in health care will be emphasized. These entities are defined as organizations that process or facilitate the processing of health information from non-standard formats to standard formats or vice versa (e.g., a physician's billing service). Nurses stand at the forefront in the resolution of the dilemma of patient privacy versus health care expediency. Congress enacted Health Insurance Portability and Accountability Act (HIPAA) in 1996 to limit the ability of an employer to deny health insurance coverage to employees with preexisting medical conditions. This law has increased patient privacy, but in doing so has added to the financial burden, including personnel costs in health care.

Tags: , ,