HIPAA Compliance Basics

March 11th, 2010 by genwright

The healthcare industry is perhaps the most highly regulated industry in the US. Its regulatory framework includes complex statutes, judicial decisions, a large body of federal rules, United States Department of Health and Human Services guidance documents, individual states' Department of Health regulations, and various accreditation standards.

But perhaps the largest piece of regulatory reform that hospital executives and General Counsel have to cope with is HIPAA, which was passed in 1996. Since its passage, hospitals have spent huge amounts of money on HIPAA consulting, HIPAA lawyers, and other precautions to make sure they comply with these complex standards. HIPAA is incredibly cumbersome, running to the better part of 800 pages. Penalties for failing to comply with HIPAA can be up to $1.5 million, so ensuring compliance is critically important. Just as flicking a light switch illuminates a room, understanding these basic HIPAA tenets can calm an organization's worries by giving clear focus to its healthcare compliance initiative.

The HIPAA regulations are divided into two Rules: the Privacy Rule and the Security Rule. The Security Rule supports the Privacy Rule by mandating standards that protect electronic health information of all types. The Privacy Rule was written to prevent the disclosure or unauthorized use of Protected Health Information (PHI). PHI, which may be paper-based or digital, is defined in the Privacy Rule as information regarding treatment or requests for treatment that can be linked to an individual person by one or more of 18 identifiers (name, social security number, etc.).

The Privacy Rule is, in effect, a regulation of exclusion: it protects a patient's right to privacy by prohibiting PHI from being disseminated for purposes other than treatment, payment, or the operations of a healthcare provider or plan, unless the patient explicitly authorizes it. Exceptions include emergencies, as defined; uses or disclosures required by law; and provision of PHI to third-party contractors whose work requires access to PHI. These contractors are known as Business Associates, and the Privacy Rule requires that they sign contracts known as Business Associate Agreements, in which they agree to follow the precepts of HIPAA in keeping the information confidential. After February 1, 2010, however, Business Associates are directly covered by HIPAA, meaning they must comply with its requirements as though they were healthcare providers or plans.

Healthcare consulting groups and HIPAA lawyers can prepare Gap Analysis Reports that help bring organizations into HIPAA compliance. The precepts are not complicated at base: use and disclose patient information only for its permitted purposes. Most hospitals already have a culture of privacy; HIPAA lawyers and healthcare consulting entities, working with interdisciplinary teams at the hospital, can cost-effectively revise practices and policies to put these themes into practice without changing the culture of the organization or unduly alarming the executive staff.

Laura Young frequently writes on a wide range of topics, including how to bring your organization into healthcare compliance and how to find a HIPAA lawyer.
