About HIPAA
The Health Insurance
Portability and Accountability Act of 1996 (HIPAA) is
forcing medical transcriptionists to use a standardized
data exchange format and meet new privacy standards for
patient information. Most companies are required to
comply with the HIPAA privacy rules by April 14, 2003,
but smaller organizations have until April 2004.
The Centers for
Medicare & Medicaid Services (CMS) is responsible for
implementing various unrelated provisions of HIPAA;
therefore, complying with HIPAA regulations will require
different actions by different people.
HIPAA requires
health providers, business associates, and medical
transcriptionists to adopt standards for electronic
administrative and financial transactions.
Security and Privacy
The Administrative Simplification provisions of HIPAA
(Title II) require the Department of Health and Human
Services to establish national standards for electronic
health care transactions and national identifiers for
providers, health plans, and employers. It also
addresses the security and privacy of health data.
Adopting these standards will improve the efficiency
and effectiveness of the nation's health care system by
encouraging the widespread use of electronic data
interchange in health care.
Complying with HIPAA is challenging because this
regulation affects many different areas, including
standards for transactions, rules for data
privacy/security and standards for clinical records.
HIPAA Enforcement
The Department of
Health and Human Services has responsibility for the HIPAA
enforcement rule. Current enforcement is “complaint
based” and under revision for a transition to
investigation. The proposed rule replaces an interim
enforcement rule published two years ago that primarily
covered steps the government would take to impose civil
fines for violations of non-privacy HIPAA rules. Many
provisions of the interim rule are included in the
proposed rule, but the scope of the proposed rule is
much larger.
MedXsecure technology and security protocols
MedXsecure works by
allowing medical transcriptionists to communicate
securely through a public network like the
Internet. The MedXsecure system is a virtual private
networking tool that uses Internet technology to
securely share medical information and operations by
utilizing unique extranet technology with
well-defined security protocols within the system.
The new modules in the MedXsecure system are
proprietary technology and unique to MedXsecure. While
email is a component of our system, it also allows for
secure document transfer and has secure email-to-fax
capabilities as well as an electronic lockbox for
important documents.
MedXsecure was
designed as a complete electronic communication system
and can establish Private Domains branded to the client.
We've taken painstaking
measures to protect all patient information. When our
system is used properly, the levels of security not
only meet HIPAA regulations but exceed their
requirements as they relate to the electronic transfer
of personal health information.
MedXsecure
provides a way for medical transcriptionists to
exchange and track personally identifiable health
information in an easy-to-understand format. Our system
takes the worry out of HIPAA compliance issues and
fulfills a great need in the medical industry. But most
importantly, our system ensures the privacy of the
patients, who are affected the most when personal
health information is not securely transmitted from one
party to another.
Medical Transcription and HIPAA compliance
Medical transcriptionists are
required to implement safeguards designed to protect
the privacy and security of personal health information
(PHI).
Medical transcriptionists are
subject to the business associate requirement set forth
under HIPAA's Privacy Rule. They are subject to this
requirement because the transcriptionist performs a
function on behalf of health care providers that
includes the use and disclosure of PHI.
Accordingly, transcriptionists are
prohibited from using or disclosing PHI in any manner
that would violate the Privacy Rule if done by the
provider itself. It is important to keep in mind,
however, that covered entities, although not allowed to
use or disclose PHI in any manner except as permitted
under HIPAA, are not required to protect against any
and all known, unknown, or unlikely uses or
disclosures in violation of the Privacy Rule.
Safeguards must be reasonable, but not foolproof.
Electronic Communication and Transfer of PHI
HIPAA's proposed security standards
(the "Security Standards") apply to PHI that is either electronically maintained or transmitted. Covered
entities will be required to enter into
chain of trust
agreements with medical transcriptionists when PHI is
processed electronically through the transcriptionist.
Pursuant to these
chain of trust agreements, transcriptionists will be
obligated to maintain the integrity and confidentiality
of PHI while in receipt of such information and during
transmission of the same.
HIPAA falls short of
mandating specific technology solutions that covered
entities must implement (or require their chain of
trust partners to implement) in order to ensure the
security of PHI, requiring only that covered entities
implement appropriate administrative procedures,
physical safeguards, and technical security services
and mechanisms to guard data integrity,
confidentiality, and availability and to prevent
unauthorized access to certain data.