The role of HIPAA when you join a medical research team

Clinical trials and medical studies are fundamental to the advancement of medicine. If you join a research team, you may be asked to sign certain important forms. One of these may be an authorization form that allows the research team to use or share your personal health information with others for the research study. This information may include:

* Your name and address
* Your health background
* Your health care provider’s name
* Your birthday
* Your medical records
* Your ethnic origin
* Your lab test results and X-rays
* Notes taken by a doctor or nurse
* Your medical diagnosis

The good news is that “patients and health plan members should be more willing to authorize disclosures of their information for research and to participate in research when they know their information is protected…The Privacy Rule both permits important research and, at the same time, encourages patients to participate in research by providing much needed assurances about the privacy of their health information.”

Here the HIPAA Privacy Rule regulates the documentation needed (i.e., the waiver that patients sign to release their information for the study).

Other entities can also see the information: “The Office for Human Research Protections (OHRP) is a public health authority under the HIPAA Privacy Rule. Therefore, covered entities can continue to disclose protected health information to report adverse events to the OHRP either with patient authorization as provided at 45 CFR 164.508, or without patient authorization for public health activities…”


Posted on : Apr 27 2010
Posted under General, Guide, Legislation, Privacy & security, Strategy, Tips

A webinar on HIPAA and HITECH compliance

A webinar led by privacy expert Rebecca Herold will be held on Wednesday, April 27th. It will present real solutions for the 4 key areas that your business needs to focus on for HIPAA HITECH compliance: assessing your risks and vulnerabilities, developing policies and procedures, encrypting ePHI for client data protection, and having a breach notification plan in case of a problem.

The topics which will be addressed by the industry experts include:

Risk Assessments - ACR 2 Solutions will discuss identifying, quantifying and assessing information security risks using automated technology developed under federal sponsorship for high value military and civilian networks. Risk assessment is mandatory under HIPAA, GLBA, FISMA and other statutes, and is also part of the “Meaningful Use” qualification to receive subsidies under the HITECH Act.

Policies and Procedures - Compliance Helper (CH) provides turn-key solutions for those needing policies and procedures based on content developed by Rebecca Herold and Associates. The combination of the ACR 2 Gap report and the Compliance Helper Prepare and Care solution creates a simple and organized process for organizations to become fully HIPAA HITECH compliant.

Email Encryption - The Industry Radar in partnership with industry leading email encryption provider, ZixCorp, and hosting partner Greenview Data, has developed the RadarMail 360 suite with email encryption solutions for both outbound and inbound communication to meet any organization’s needs, regardless of size.

Breach Remediation - ID Experts will discuss the need for a comprehensive data breach response plan and describe best practices for healthcare data breach notification and patient care. They will also review the HHS-mandated risk assessment requirement for breaches involving protected health information (PHI).


Posted on : Apr 27 2010
Posted under General, Guide, In the news, News, Privacy & security, Tips

GHG chooses INetU as the hosting provider for its healthcare software program

Gorman Health Group (GHG) has chosen INetU as the dedicated managed hosting provider for Valencia, its innovative health plan enrollment and payment reconciliation software platform. Valencia is unique in that it ties workflow and reporting controls directly to the discrepancy engine, giving plans faster processing times, increased visibility into performance, and more compliant operations.

GHG needed a hosting provider that could actively help with HIPAA-compliant hosting and also offer a close partnership, an expert IT staff, high availability solution design, and SAS 70 Type II certification.

“Health care in general, and Medicare contractors especially, demand the highest standards of HIPAA compliance and security,” said GHG’s Senior Vice President of Strategic Development, Nathan Goldstein. “INetU’s expert solution design and service make it easy for us to help our clients by delivering secure and scalable hosted solutions as part of their business plans. We had over 2.5 million members on our software within weeks of launch and INetU made the launch simple and seamless.”

“With HIPAA privacy laws, and especially the new HIPAA HITECH requirements for hosted data, it is important that health care-related services choose a hosting provider with proven experience in keeping patient data secure,” said GHG’s Chief Hosting Officer at INetU, Chad Mowery. “INetU’s data centers are SAS 70 Type II audited, Visa PCI certified, and EU Safe Harbor compliant. Our commitment to security, privacy, and 100% uptime is the perfect match for hosting the Valencia software package. We are also able to provide guidance to our customers to help them with complex compliance issues, enabling them to focus on their core business.”


Posted on : Apr 27 2010
Posted under General, Guide, In the news, Legislation, Privacy & security, Strategy, Tips

Looking for HIPAA compliant medical billing services for group practices?

Those in the healthcare industry can submit medical bills and insurance claims promptly and accurately by using HIPAA compliant medical billing services for group practices. These services considerably reduce the managerial tasks of medical practitioners, saving time and effort and thus enhancing productivity and profitability. These companies understand the medical billing needs of group practices, and many multi-specialty hospitals, rehab clinics, individual practices, acute care clinics, long-term healthcare agencies and others are benefitting from them.

These companies have experienced professionals with in-depth knowledge of HIPAA compliant medical billing software, including NextGen, Inception, IDX, Practice Admin and so on. They offer services like:

•    Patient enrollment
•    Insurance enrollment
•    Scheduling and rescheduling
•    Medical coding
•    Insurance verification
•    Insurance authorizations
•    Charge entry and payment posting
•    Billing and reconciling of accounts
•    AR collections
•    Report maintenance

The advantages that HIPAA compliant medical billing services offer include:

•    Greater data confidentiality and security
•    Fewer claim rejections and denials
•    Secure data storage, access facility and periodic data backup
•    Rapid turnaround time
•    Minimum paperwork in your practice
•    Regular technical evaluation and constant support

To conclude, before hiring any HIPAA compliant medical billing services for group practices, one should compare price quotes from various providers and also ensure that they hire a provider who can deliver competent solutions.


Posted on : Apr 16 2010
Posted under General, Guide, In the news, Legislation, Privacy & security, Tips

How to ensure HIPAA compliance with international outsourcing of healthcare services?

HIPAA covers all protected healthcare information, and it continues to apply to any health information whether the content is printed, discussed orally, or changed in form. Thus, for all healthcare organizations, it is vital to protect not only the electronic maintenance and transmission of this data, but also any paper versions or oral discussions pertaining to this information.

Outsourcing healthcare services like medical billing and coding to O2I is very common these days and involves the transfer and maintenance of important information. Thus, companies outsourcing healthcare work need to ensure that vendors are complying with international standards. In the case of international outsourcing, the companies need to ensure that the coders are professional, skilled, and well versed in international coding practices.

The companies offering services should ensure:

* Awareness programs for all employees
* Ongoing training and testing programs that link HIPAA education to staff rewards
* HIPAA resource directory to update employees on regulations, news and events
* Dedicated team of software programmers developing HIPAA compliant transaction

There should also be a thorough understanding of patient confidentiality and all medical records. Since HIPAA changes constantly as it incorporates or discards certain practices, the companies should make sure that they are always aware of such changes, thereby ensuring that all information is safe and adheres to the highest standards of quality.


Posted on : Apr 16 2010
Posted under General, Guide, Legislation, Privacy & security, Tips

Is HIPAA causing an obstacle to flow of medical information in sports?

Although the Health Insurance Portability and Accountability Act (HIPAA) was enacted to protect the privacy and confidentiality of patients’ health information, there has been little reflection on the fact that it has worsened the situation in sports medicine. It has unintentionally created an obstacle to the free exchange of athletes’ health records with coaches, athletic trainers and team physicians, who need to have complete medical information on every athlete.

For example, in boxing, a fighter must allow free access to medical data before being allowed to compete in any jurisdiction. Young athletes in high school also need to supply their coaches with complete medical information regarding medical conditions, allergies and prescribed drugs.

Often, athletic trainers are employed by entities contracted to provide services to a school. Parents can protect their children by making sure they directly provide the athletic trainer or youth coach with accurate, complete medical information.

“HIPAA was never intended to compromise the communication among care givers,” said Glenn Stadnick, Corporate Compliance and Privacy Officer at Backus Hospital.


Posted on : Apr 16 2010
Posted under General, Guide, In the news, Legislation, Privacy & security

Features of HIPAA Online Certificate

A HIPAA Online Certificate is a unique self-contained image file that gives your organization maximum control over access to all the information about its certification efforts.

By requesting a certificate of conformance, an organization is agreeing to the following terms:

* The file being validated is a real data file that has been generated by processes that truly exist within the organization.
* During the testing lifecycle, when an error was received, the organization modified the actual processes and procedures used to create the file, and did not simply modify the final data file in order to receive a “passed” report.
* The data file is representative of the lines of business that the organization supports for the transaction being certified.

While these rules are simple, they depend upon trust and integrity between trading partners, and not just the automated validation process. When an entity receives a certificate, it indicates that the submitter was able to generate a valid HIPAA file. It means that the partners have done their best to shorten the time between testing and production.

The result of the certification process is a unique self-contained image file that allows your organization maximum control over access to information about its certification efforts.

Each certificate generally contains the following features:

* Certification Definition. Each certificate contains a clear definition of what certification does and does not mean.
* Certifying Organization. Each certificate contains a set of distinguishing information about the certifying organization.
* Implementation Guide. The HIPAA implementation guide used for certification is clearly displayed on each certificate.
* Watermark. A watermark, an embossed version of the certification logo, is located in the background of the certificate with the organization and file information written on top.
* Status. The certification status is clearly indicated in bright blue text.


Posted on : Apr 16 2010
Posted under General, Guide, In the news, News, Privacy & security, Tips

HHS reports a significant number of PHI breaches by HIPAA covered entities

The U.S. Department of Health and Human Services (HHS) states that since the new federal breach notification requirement came into effect in September 2009, large breaches of patients’ health information have been reported by more than 30 HIPAA covered entities. The breach notification requirement, enacted in the American Recovery and Reinvestment Act of 2009, requires Health Insurance Portability and Accountability Act of 1996 (HIPAA) covered entities to notify individuals whose protected health information may have been improperly accessed, used or disclosed. If the incident affects 500 or more patients, the covered entities are also required to notify HHS and the media. HHS must post the names of entities that report large breaches on its Web site.

The most significant of these breaches was reported by Blue Cross Blue Shield of Tennessee; it affected about 500,000 persons and was attributed to stolen hard drives. More than half of the 36 reported large breaches involved theft, loss or unauthorized access of computers or laptops. Several others involved portable electronic devices. Only a few of the reported breaches involved paper records. HHS also received approximately 300 reports of smaller breach incidents, typically involving paper records.

HHS posted its list on the Web site on Feb. 22. It stated the causes of the 36 breaches as:
• theft (22);
• theft and unauthorized access (five);
• loss (three);
• incorrect mailing/e-mail (two);
• unauthorized access (two);
• hacking (one); and
• phishing scam (one).


Posted on : Apr 06 2010
Posted under General, Guide, In the news, Legislation, Privacy & security, Products, Strategy, Tips

Webinar on HIPAA compliance under HITECH by the Institute for Health Technology Transformation

The Institute for Health Technology Transformation is the leading organization committed to bringing together private and public sector leaders fostering the growth and meaningful use of technology across the healthcare industry. The institute is set to hold a health information webinar entitled “Case Study: The Challenges of Protecting ePHI to comply with HIPAA under HITECH” on April 13th, 2010 at 11:00am PDT.

Presenting at the webinar will be Wes Wright, vice president and chief technology officer, Seattle Children’s Hospital, and Ram Krishnan, senior vice president of products, GuardianEdge. They will discuss real-world healthcare environments and the associated risks of exposed patient data; new federal and state mandates for the secure collection and exchange of electronic patient health information; changing priorities of managing patient data for an increasingly mobile workforce of medical professionals; the growing importance of secure endpoint devices to help enable quality of care; and lessons learned in choosing and deploying mobile data encryption for the protection of ePHI.

“As healthcare moves to a wider and deeper electronically connected model, new state and federal personal privacy laws combined with updates to HIPAA are making the regulatory environment more complex than ever,” said Ram Krishnan, senior vice president of products, GuardianEdge. “Healthcare organizations need to make sure all of the systems are in place to properly protect their patients’ private information.”

Wes Wright will discuss the delicate balance between enjoying the benefits of a mobile computing environment and mitigating the risks associated with it.


Posted on : Mar 31 2010
Posted under General, Guide, In the news, News, Tips

Texas Health Insurance works alongside HIPAA to protect workers’ health insurance plans

Congress established the laws governing Texas health insurance in 1996, in what is also known as the Health Insurance Portability and Accountability Act, in order to protect health insurance coverage for workers and their families and to establish standards for insurance providers and employers.

Under Title I of this law, health insurance providers in Texas and across the United States cannot judge workers eligible or ineligible simply on the basis of disability, genetics, or medical history. Title I also prohibits health insurance providers from restricting coverage or refusing workers because of pre-existing conditions. For those with pre-existing insurance, one of the most important areas of HIPAA is the coverage requirements in Title I. As such, if you have any major pre-existing conditions and feel that you may be eligible for a Texas HIPAA health insurance plan, you should speak with a licensed health insurance agent in Texas to verify your eligibility.

Title II includes two sets of criminal and civil penalties for those who violate the laws. The Department of Health and Human Services has established five key rules: the security, privacy, enforcement, unique identifiers, and transactions and code sets rules.

The Security Rule consists of three sections: administrative, physical and technical. The Privacy Rule expands on this, imposing restrictions on disclosure of information concerning a person’s health care status. The Enforcement Rule sets sanctions, primarily civil penalties and fines, for those who have violated HIPAA.

Since its inception, HIPAA has affected research and clinical care. Because HIPAA calls for details on many forms, some patients complain that many things are extremely user-hostile. Other studies suggest that the HIPAA privacy rules have adverse effects on the costs and results of health research.


Posted on : Mar 26 2010
Posted under General, Guide, In the news, Legislation, Privacy & security, Strategy