NewsLine — September 2009 - (Page 19)

HIPAA and Technology: Some Considerations By Gay Madden, RN W e begin with a brief overview of HIPAA (Health Insurance Portability and Accountability Act) and move on to discuss some of the issues you may not have considered when your organization fi rst implemented procedures to meet its requirements. However, let us not forget that HIPAA began as a transaction standardization effort; it was not until the breaches that occurred in healthcare during the initial HIV crisis of the early 1980s—that cost many individuals their healthcare benefits and jobs—that it became a federal rule. The information patients and families share with us is a sacred trust and one that deserves our time and attention to safeguard. HIPAA took effect on April 14, 2006 and must be followed by all healthcare providers. It helps ensure that all medical records, medical billing, and patient accounts meet certain consistent standards with regard to documentation, handling, and privacy. In addition, it grants patients access to their own medical records as well as the ability to correct errors or omissions and to be informed of how their information is shared. The information patients and families share with us is a sacred trust and one that deserves our time and attention to safeguard. HIPAA is actually a set of three rules: • HIPAA Privacy Rule mandates the protection and privacy of all health information, specifically the authorized uses and disclosures of individually identifiable health information. This rule provides broad protection for all forms of health information which is transferred through verbal, print and electronic communications. HIPAA Transactions and Code Set Rule addresses the use of predefi ned transaction standards for communications and billing. HIPAA Security Rule mandates the security of electronic medical records. This rule addresses the technical aspects of protecting electronic health information, and specifically targets: Administrative Security: The assignment of security responsibility to an individual. Physical Security: The protection of electronic systems, equipment and data. Technical Security: The authentication and encryption to control access. • • Most of us have gone through the hard part—the initial risk assessment, the development of policy and procedures, and the education of our staff, care partners, and patients and families. We have survived the initial implementation and have seen some enforcement by the Office of Civil Rights. Most of us have gone beyond fi nding the log-on and passwords of our staff on post-it notes affi xed to their computers. We have heard the stories of stolen or lost computers, faxes sent to incorrect fax machines, and continued on next page NewsLine 19

Table of Contents for the Digital Edition of NewsLine — September 2009

NewsLine - September 2009
Contents
Introduction
Archstone Foundation Grant: Exploring the Role of Spiritual Care in Palliative Care
Working for a Greener Future
Transforming Care at the Bedside
Point of Care Documentation: Perception Versus Reality
A Technophobe Signs On
Utilizing Volunteers More Fully
HIPAA and Technology: Some Considerations
Keeping the Attending Physician Involved

NewsLine — September 2009

https://www.nxtbook.com/nxtbooks/nhpco/salesbook
https://www.nxtbook.com/nxtbooks/nhpco/clinicalteamconference2010
https://www.nxtbook.com/nxtbooks/nhpco/meetingseducation2010
https://www.nxtbook.com/nxtbooks/nhpco/strategicplan2010-2012
https://www.nxtbook.com/nxtbooks/nhpco/200909_nwsline_nxtd
https://www.nxtbookmedia.com