IT Security and Compliance  
SAP GRC Implementation  
PCI-DSS Compliance  
> HIPAA Compliance  
Representative Engagements  
White Papers  



HIPAA in the News

Connecticut AG sues Health Net over security breach

JPN's HIPAA 2.0 Compliance Offering

HIPAA 2.0 EDI Translator: JPN's product TransGen is an EDI translator that is fully compliant with HIPAA 2.0 transactions, identifiers and code sets specifications. Transactions types for standardized content, such as health claim submissions, claims status checks, health plan eligibility and enrollment, are specified for use by covered entities. Unique identifiers provide accountability by identifying covered entities or employers who have added or modified healthcare information. Pre-defined code sets, used as transaction data elements, represent diagnoses and billing information, to name two transactions.

TransGen handles all HIPAA X12 version 004010A health care transaction sets and X12 version 005010 transaction mapping based on customer needs. TransGen is highly secure, customizable and suitable for both healthcare providers and payers. For more information on JPN's TransGen product click here.

HIPAA Security Rule Blueprints: JPN's HIPAA Security Rule Blueprints enable HIPAA covered entities to become compliant by adopting relevant operational and tactical guidelines contained in the set of offered blueprints. These blueprints are based on NIST’s Risk Management Framework.

JPN’s HIPAA Security Rule Blueprints include the following:

  • Policies, procedures, standards and baselines pertaining to the rule.
  • Reference network security architectures.
  • Administrative, technical and physical safeguard measures for EPHI at rest and in motion.
  • Security awareness and training.
  • Monitoring and security incident response.
  • Contingency planning.

A Quick Primer on HIPAA 2.0

The American Recovery and Reinvestment Act of 2009 ("ARRA") including the Health Information Technology for Economic and Clinical Health ("HITECH") was signed into law in February 2009. HITECH , among other things, builds on the privacy and security regulations of HIPAA in 1996. The impact of HITECH on privacy and security and the latest version of the transaction standards for HIPAA EDI are collectively referred to as HIPAA 2.0

The major impact of HIPAA 2.0 is in four areas:

Business Associates Agreements
Updates to Business Associate Agreements have been mandated. Starting in February 2010, all business associates will be subject to civil and criminal penalties under HIPAA.

Breach Notification Rule
Effective September 23, 2009 a breach of Protected Health Information requires notification to affected individuals within 60 days. If the number of individuals involved are more than 500, notice must be provided to both the media and the Department of Health and Human Services.

Penalties and Enforcement
The revisions to HIPAA under HITECH provides for increased civil and criminal penalties. Additionally, starting in 2012, individual victims will be able to share in civil penalties levied against those violating HIPAA.

Accounting for Disclosure
Under HIPAA of 1996, disclosures of electronic protected health information were exempt, if they were related to treatment, payment or health care operations. As early as January 2011, covered entities will have to account for all disclosures of electronic protected health information, even if such disclosure was made for treatment, payment or health care operations.

Email us at for a free one-hour consultation on how to comply with HIPAA 2.0.





Copyright JPN Associates, Inc