Stethoscope and pen above HIPAA compliance paperwork

HIPAA Compliance: Not Just for Doctors

Just as the title above suggests – contrary to popular belief, doctors and hospitals aren’t the only ones bound by HIPAA law. HIPAA was created in 1996 to ensure an individual’s health record was theirs to share and theirs alone. Thereby, HIPAA law extends to any organization involved with an individual’s medical records, including:

 

● Health Insurance Providers
● Doctors
● Clinics
● Hospitals
● Nursing Homes
● Mental Health Specialists
● Pharmacies
● Dentists, Orthodontists, and Oral Surgeons
● Any Business or Entity Sharing Medical Records with These Organization

 

As such, HIPAA law enforces the obligation of these organizations to steadfastly protect the privacy, security, and accuracy of all medical records entrusted to them. Nerds Support is vastly familiar with all aspects of HIPAA law, including the following aspects: The HIPAA Privacy Rule – sets limits on the handling and disclosure of any and all medical records without prior knowledge, understanding of, and approval from the patient. This rule also allows individuals to have access to their medical records to ensure complete awareness and accuracy of their contents. HIPAA Compliance for Business Associates – extends HIPAA law to cover not only the original definition of an “HIPAA-Covered Entity,” but also to any and all business associates with whom they share medical records. This newer aspect of HIPAA law ensures coverage over every organization who keeps medical records for any reason. HIPAA Security Rule – governs practices for how medical records may and may not be saved and shared. 
One of the largest undertakings in the medical industry as a result of this rule is the current universal conversion of all patient medical records from the original paper method to electronic data. 
As a result, organizations operating under HIPAA law must take austere measures to ensure strict HIPAA compliance with all medical data, leaving no stone unturned to minimize risk between data transfers and storage. HIPAA Omnibus Final Rule – the newest rule under HIPAA compliance law. According to Hitech Answers, the modifications within this rule are intended to: 
● Make business associates of covered entities directly liable for compliance with certain of the HIPAA Privacy and Security Rules’ requirements. Strengthen the limitations on the use and disclosure of protected health information for marketing and fundraising purposes, and prohibit the sale of protected health information without individual authorization. 
Expand individuals’ rights to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full. 
● Require modifications to, and redistribution of, a covered entity’s notice of privacy practices. 
● Modify the individual authorization and other requirements to facilitate research and disclosure of child immunization proof to schools, and to enable access to decedent information by family members or others. 
● Adopt the additional HITECH Act enhancements to the Enforcement Rule not previously adopted in the October 30, 2009, interim final rule, such as the provisions addressing enforcement of noncompliance with the HIPAA Rules due to willful neglect. 

 

Is your organization adequately prepared to stay within HIPAA compliance law? 

 

Nerds Support is
Don’t be just a number with Nerds Support!

 

With our IT Support Miami team you get personalized 1-1 support in 12 minutes or less.

 

Your nerd is
a call away
305-551-2009