JPN's HIPAA 2.0 Compliance Offering
HIPAA 2.0 EDI Translator: JPN's product TransGen
is an EDI translator that is fully compliant with the HIPAA 2.0
transaction, identifier and code set specifications. Transaction
types for standardized content, such as health claim submissions,
claims status checks, health plan eligibility and enrollment, are
specified for use by covered entities. Unique identifiers provide
accountability by identifying covered entities or employers who have
added or modified healthcare information. Pre-defined code sets,
used as transaction data elements, represent diagnoses and billing
information, to name two examples.
TransGen handles all HIPAA X12 version 004010A health care
transaction sets and X12 version 005010 transaction mapping based on
customer needs. TransGen is highly secure, customizable and suitable
for both healthcare providers and payers. For more information on JPN's TransGen product
HIPAA Security Rule Blueprints: JPN's HIPAA
Security Rule Blueprints enable HIPAA covered entities to become
compliant by adopting relevant operational and tactical guidelines
contained in the set of offered blueprints. These blueprints are
based on NIST’s Risk Management Framework.
JPN’s HIPAA Security Rule Blueprints include the following:
- Policies, procedures, standards and baselines pertaining to the rule.
- Reference network security architectures.
- Administrative, technical and physical safeguard measures for EPHI at rest and in motion.
- Security awareness and training.
- Monitoring and security incident response.
- Contingency planning.
A Quick Primer on HIPAA 2.0
The American Recovery and Reinvestment Act of 2009 ("ARRA"), including the Health Information Technology for Economic and Clinical Health ("HITECH") Act, was signed into law in February 2009. HITECH, among other things, builds on the privacy and security regulations of HIPAA of 1996. The impact of HITECH on privacy and security and the latest version of the transaction standards for HIPAA EDI are collectively referred to as HIPAA 2.0.
The major impact of HIPAA 2.0 is in four areas:
Business Associates Agreements
Updates to Business Associate Agreements have been mandated. Starting in February 2010, all business associates will be subject to civil and criminal penalties under HIPAA.
Breach Notification Rule
Effective September 23, 2009, a breach of Protected Health Information requires notification to affected individuals within 60 days. If the number of individuals involved is more than 500, notice must be provided to both the media and the Department of Health and Human Services.
Penalties and Enforcement
The revisions to HIPAA under HITECH provide for increased civil and criminal penalties. Additionally, starting in 2012, individual victims will be able to share in civil penalties levied against those violating HIPAA.
Accounting for Disclosure
Under HIPAA of 1996, disclosures of electronic protected health information were exempt if they were related to treatment, payment or health care operations. As early as January 2011, covered entities will have to account for all disclosures of electronic protected health information, even if such disclosure was made for treatment, payment or health care operations.
Email us at email@example.com for a free one-hour consultation on how to comply with HIPAA 2.0.