The Health Insurance Portability and Accountability Act of 1996 (HIPAA)'s Administrative Simplification provisions call for standardization of EDI Transactions and Code Sets as well as patient information Privacy and Security. These measures, although cost intrusive and time consuming, will ultimately result in cost savings and increased efficiencies across the entire healthcare industry. The final compliance dates for healthcare providers have been set for EDI Transactions and Code Sets (October 16, 2002/2003), Privacy (April 14, 2003), and Security (April 21, 2005). Once the compliance dates have been reached affected organizations must be compliant.

"It is amazing how many calls we receive from local dentists, primary care physicians, and specialty healthcare organizations like optometrists and dermatologists who have not even begun to become HIPAA compliant. Any provider of healthcare services which bills electronically, either themselves or through a Billing Service Company, must comply with HIPAA," says Matthew Corney, President of Security Confidence.

He also states "A vast majority of healthcare organizations which bill Medicare claims are affected, as Medicare will be requiring claims be submitted in electronic format starting October 16th, 2003."

Security Confidence plans on providing its HIPAA GAP assessment free of charge to healthcare organizations who respond between April 1st and April 14th 2003. April 14th is the compliance deadline for HIPAA Privacy, an extremely important part of HIPAA.

HIPAA Privacy is a revolution in the healthcare industry. It is a federal law which provides a huge leap forward in patient's rights and sets forth considerable legal exposure to healthcare organizations which do not comply. Patients seeking care from effected healthcare organizations after April 13th should be notified of their rights by being provided a copy of the healthcare organization's Notice of Privacy Practices.

Matthew Corney goes on to say, "We have made available our HIPAA GAP solution to assist healthcare providers in the Greater Cincinnati Area in securing the community's PHI or Protected Health Information according to HIPAA."
Security Confidence's HIPAA compliance solution is a four phase approach. Phase I is their HIPAA GAP assessment. It is a question and answer methodology designed to determine a healthcare facility's compliance with the HIPAA standards. The HIPAA GAP is performed by a Security Confidence specialist at the client's office. The interview portion of the assessment consists of approximately 140 questions designed to address HIPAA's Administrative Simplification requirements. All assessments are followed up with an in-depth consultation explaining the assessment results. The final results are tabulated and presented in a thorough 35+ page report outlining the organization's compliance status and Security Confidence's recommendations.

Phase II of the compliance solution is HIPAA Action, which provides all of the materials, guidance and record keeping for a small healthcare organization to become and remain compliant with the HIPAA privacy and security regulations. All policies, procedures and legal documents are provided and reviewed by national level experts. As HIPAA regulations change Security Confidence will inform their HIPAA Action clients and modify their compliance documents automatically. They will then review the changes with the privacy/security officer within the practice and assist in their implementation.

Phase III of the compliance solution is HIPAA Secure, which is an evaluation of the healthcare organization's technology infrastructure which ensures compliancy with HIPAA's Privacy and Security requirements. Security Confidence engineers first evaluate their client's network from the outside world looking in; (i.e. the internet and telephone lines) to ensure that all of their network's doors and windows are locked. Secondly, Security Confidence evaluates their client's network infrastructure from the inside identifying appropriate user access levels, operating system patches and operating system critical updates; ensuring the data stays protected. Finally, Security Confidence reviews the recovery and backup procedures, ensuring their clients always have data availability.

Phase IV of the compliance solution is HIPAA Verify, which is an ongoing auditing and training solution from Security Confidence. It provides healthcare organizations with an annual subscription to HIPAA Action and HIPAA University to assist in staying compliant and training new employees. Furthermore, it includes quarterly testing of the security of their infrastructure as required by HIPAA through the services provided under HIPAA Secure. A monthly newsletter is published to provide continuing education to the organization's employees about security and the policies and procedures in their office.

Those healthcare organizations which would like to request Security Confidence's FREE HIPAA GAP assessment should visit a special webpage for this offer at http://freegap.securityconfidence.com. Where they can fill out an online form which will immediately notify Security Confidence of their request. Alternately they can contact Security Confidence toll free at 866-SEC-CON1.

About Security Confidence:
Security Confidence, a Cincinnati based Corporation, is a leading provider of Consulting and Advisement regarding Information Security. Security Confidence provides services such as risk assessments, training, compliancy assessments, policy and procedure creation, certification and auditing for small to medium businesses which must become compliant with HIPAA (Health Insurance Portability and Accountability Act of 1996), GLBA (Gramm Leach Bliley Act of 1999) and ‘Best Practices Security.' www.SecurityConfidence.com



This article courtesy of http://www.ruhipaacompliant.com.
You may freely reprint this article on your website or in
your newsletter provided this courtesy notice and the author
name and URL remain intact.

Submit Your Article