
Health Insurance Portability and Accountability Act (HIPAA)

Overview

Today's interconnected, digital world presents both challenges and opportunities to the modern healthcare enterprise. In unprecedented fashion, healthcare organizations are collecting, processing, managing, and sharing electronic information—including sensitive patient information—among providers, payers, and patients. Along with the increase in information sharing, openness, new technologies, and flexible access comes an increased vulnerability—an exposure to threats that can compromise the information being shared, much of which is confidential. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a response to this vulnerability.

Title I of HIPAA protects workers and their families when they change or lose jobs. Title II, Administrative Simplification, was designed to encourage the use of electronic data interchange to streamline and simplify health insurance claims and to reduce fraud and abuse. More recently, HIPAA requirements were added to protect the privacy and security of patient health information. The HIPAA Security Rule, finalized on Feb. 20, 2003, specifically safeguards the confidentiality, integrity, and availability of electronic protected health information (EPHI). Healthcare organizations are expending considerable effort to address the requirements set forth in the HIPAA Security Rule.

Who should be concerned about HIPAA

HIPAA applies to all healthcare providers (hospitals, physicians), payers (insurance companies, self-insured employers), and healthcare information clearinghouses. Enforcement is administered by the Centers for Medicare and Medicaid Services (CMS), a federal agency within the U.S. Department of Health & Human Services. Healthcare organizations that fail to comply face potential administrative actions, fines, and even criminal prosecution. Healthcare companies that suffer a breach of sensitive information also risk losing the trust of patients and partners and damaging their reputation.

What IT systems and processes are impacted by HIPAA

Several forces contribute to the challenge of protecting health information: the extended nature of organizations and communications networks; increased collection, processing, and exchange of information; increased demand for physician, patient, and employee access to information; new technologies; and increasingly sophisticated cyber attacks and threats. When so many parties can touch information—and the networks on which the information is stored and transmitted—it becomes difficult for healthcare organizations to maintain appropriate protections. To be in compliance, healthcare organizations must tighten network security controls and increase scrutiny to ensure that only appropriate parties can access selected information and specific parts of the network.
