Thursday, March 31, 2011

Healthcare regulatory compliance in 2011


With new HIPAA regulations affecting close to, or more than, half of most health care providers’ processes and systems, the deadlines and guidelines these regulations set have not made compliance any easier for providers. HIPAA has brought about quite a change in the way health care professionals manage and safeguard personal and patient health information. It places an added onus on securing patient information and on the systems and processes that help achieve compliance. Health care providers now have to define and facilitate IT compliance alongside their security policies, and also ensure ways to manage data access and risk. The compliance focus is also on enhanced audit capabilities and protection.

Meeting all the healthcare compliance requirements will require quite a bit of planning, since most of them, HIPAA compliance included, demand that healthcare providers:

· Be aware of how to manage and execute security measures for all health-related information of patients
· Have intrusion detection devices installed to keep unauthorized access to patients’ health information at bay
· Conduct risk assessments and have the best technical and administrative safeguarding mechanisms in place to protect all data effectively.

So whether you are a doctor, a dentist or anyone else who handles Patient Health Information, you will be required to conform to the compliance regulations set forth in both the HIPAA and HITECH acts. Since most medical practitioners fall under the category called Covered Entities, they are required to be HIPAA and HITECH compliant. So if you are a medical practitioner and you serve patients, you have to follow all the necessary healthcare compliance measures. In an age where corporate governance has assumed grave importance, healthcare providers understand that security and governance risk management controls are perhaps the only means to ensure all policies and procedures are enforced.

2011 is the year when healthcare providers need to be practical in their selection of the appropriate set of controls for risk mitigation. Given the need for speed and accuracy, most healthcare organizations should prefer automated controls and technology, since analysis and logging of data become much easier. Also ensure that your security vendor can provide you with ways and means to automate processes and offer optimum protection against anticipated threats. Healthcare professionals should also construct their security models in such a manner that only qualified individuals can access patients’ private information.


Wednesday, March 30, 2011

Achieving PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The main objective behind the formulation of this standard is to prevent credit card fraud and to protect card holder information. This standard applies to all organizations which accept card payments and store, process, or exchange card holder information.

However, from the perspective of organizations, achieving PCI-DSS compliance can be quite a challenging affair. Even a minor slip or compromise could result in huge financial losses as well as loss of reputation. While organizations have been employing various methods to ensure compliance with PCI-DSS, these methods suffer certain serious inadequacies:

· In most organizations, encryption across computer networks is inconsistent. Therefore, credit card data is protected in some cases but not in others
· Some merchants store credit card data unnecessarily, and also fail to prevent it from being transmitted to less secure parts of the network
· Some organizations fail to maintain a log of network activity, which can help reveal instances of attempted hacking. Hence it becomes impossible to track unauthorized access to credit card data
· Compliance management systems deployed by some companies are reactive rather than proactive, so they do not scan for vulnerabilities or abnormal system activity. Hence they fail to completely protect the system from security attacks
· Certain organizations employ disparate systems for compliance with HIPAA, SOX and other regulations, but fail to understand that these systems do not address PCI-DSS requirements

Therefore, achieving PCI-DSS compliance necessitates the adoption of a fool-proof method built around the standard’s 12 basic requirements:

1. Installation and maintenance of a firewall configuration to protect card holder data
2. Preventing usage of vendor-supplied defaults for system passwords and other security parameters
3. Protection of stored card holder data
4. Encrypted transmission of card holder data across open, public networks
5. Usage and frequent update of anti-virus software
6. Development and maintenance of secure systems and applications
7. Restriction of access to card holder data
8. Assignment of a unique ID to each person with system access
9. Restriction of physical access to card holder information
10. Tracking and monitoring of all access to network resources and card holder information
11. Regular testing of security systems and processes
12. Formulation and maintenance of a policy that addresses IT compliance and security

However, using disparate systems to meet these multiple requirements is not the answer. Organizations should adopt an integrated compliance management software solution that offers key features to support these requirements. By doing this, organizations not only ensure secure storage, processing and exchange of card holder information but also safeguard their brand image and reputation.


Sunday, March 27, 2011

Getting the Best Deal with Healthcare Compliance Solutions

The consequences of violating healthcare compliance regulations may have struck terror into those responsible for managing healthcare services. Yet instances of willful negligence persist. The violation penalties have also evoked skepticism, as workers are often not sure whether a request for personal health information falls under the purview of HIPAA compliance standards or not.

A report reveals the inadequacies of healthcare organizations in implementing standardized policies to impart correct information to their employees. Limited knowledge, coupled with the fear of job termination, can make workers reluctant to part with even basic information about patients. In small medical facilities, organizations hardly take the initiative to update their employees on revised and relevant compliance regulations, which leads to many accidental violations.

Hence, it becomes extremely important to ensure that the employees of healthcare organizations are trained and made fully aware of IT compliance policies so that they can take the correct decisions and avoid follies. Healthcare organizations may implement the best healthcare regulatory compliance solutions, but all the investment is wasted when workers cannot use them efficiently.

With such ambiguity prevalent, increasing concern regarding healthcare compliance is natural. Compliance management is an achievable feat if done in a synchronized manner. With complete know-how of what is acceptable and what is not, healthcare organizations can skillfully handle all compliance issues without leaving any gaps.

The SecureGRC SB is a unique solution that addresses all HIPAA/HITECH requirements. This security monitoring and management solution is a cloud-based service, which means there are no additional costs for hardware or new infrastructure. Thus even small medical practitioners can afford it and put it to use immediately.

This web-based solution provides real-time information on the compliance status of the organization and also assesses the areas that need attention, to prevent them from becoming the cause of a violation and its consequences. With this solution, organizations can update their existing policies as per the revised regulations. It also provides controls that govern business associates and fulfils the HITECH compliance requirements concerning business associates.

The SecureGRC SB is a tool that provides the convenience of tactfully handling all healthcare regulatory compliance issues without causing any panic. The results it provides help healthcare organizations maintain their reputation. Promptness in amending and implementing best practices helps organizations avoid injunctions.

Thursday, March 24, 2011

Time to Make Data Breaches a Thing of the Past

The media is abuzz with news of data breaches, especially with websites like that of the Department of Health and Human Services (HHS) tracking them. As per the Office for Civil Rights, there were close to 9,109 data breaches by Sept 2010, averaging 25 data breaches per day! The HHS had earlier issued a set of regulations to healthcare providers about notifying individuals whenever a health information breach occurs.

Breach reporting has become an intrinsic and important element of the HITECH compliance regulations. All data breaches affecting over 500 individuals are required to be reported to the HHS within 60 days, while breaches affecting under 500 can be submitted annually. Although these smaller breaches are not published by the HHS, they are compiled and sent to congressional committees as per the HITECH stipulations. With data breaches resulting not just in penalties but also in the erosion of the precious reputation and image of health care providers, it is time that health care providers take efficient compliance measures to abide by HIPAA and HITECH regulations effectively.

The idea is to work smartly and bring about complete visibility, with an effective and economical security solution, as far as safeguarding the security of patients’ health information is concerned. Most small health care practitioners worry about the investment involved in installing compliance solutions, but eGestalt’s SecureGRC SB is an ideal solution, especially for small medical practices. A one-stop solution, it allows health care providers to abide by the HIPAA/HITECH compliance regulations.

A web-based solution, SecureGRC SB offers a unique approach to tackling security and data breach issues. Owing to its ability to deliver services on the cloud, it can capture information and keep you constantly updated in case of any changes in regulatory policies. SecureGRC SB is an economical, easy-to-use web-based solution that can help small medical practitioners be HIPAA compliant. It is high time that small healthcare practices opt for a suitable healthcare regulatory compliance solution to tackle data breaches intelligently and make them a thing of the past.


Tuesday, March 22, 2011

‘To be or not to be’ HIPAA compliant! The choice is yours

HIPAA, short for the Health Insurance Portability and Accountability Act, was introduced by the US Congress in 1996 to set a standard for safeguarding the privacy of patient information and to regulate the way healthcare providers use that information. HIPAA essentially focuses on safeguarding patients’ healthcare coverage and on patients’ rights as to how they can convey, share and store their information. HIPAA created certain safeguards to ensure that patient-sensitive data is well protected. HIPAA applies to all medical practitioners, medical enterprises, health insurance enterprises, and a host of others handling patient medical information.

Health care enterprises are worried and apprehensive about HIPAA violations, which may occur because of intentional acts, unintentional or accidental errors, or technical errors. Intentional or unintentional, the law is ruthless! Any kind of HIPAA violation can affect an enterprise adversely. Therefore, enterprises would do well to put in place a team in charge of managing and ensuring the complete enforcement of HIPAA compliance measures and regulations.

It is necessary for all healthcare enterprises to safeguard access to sensitive health-care information; they need to have a firm grip over the systems and processes handling patient healthcare data. Healthcare enterprises need to be aware of the appropriate steps for ensuring proper healthcare regulatory compliance. Risk analysis and vulnerability scanning conducted by health care enterprises expose vulnerabilities in the existing systems. Such analyses help in fixing the identified vulnerabilities and sustaining data integrity and confidentiality.

To achieve health care compliance, health care providers need to ensure that they constantly review their compliance procedures and policies - auditing transaction logs, compliance reports, configuration settings, role-based access controls, security incident reports and effectiveness of incident handling and disaster recovery mechanisms. 

Being HIPAA compliant is not difficult. To be or not to be is your choice. All you need to do is pick the right tool for setting up policies and automated tools to check compliance periodically.

Friday, March 18, 2011

HIPAA compliance now made easy through automated highly cost-effective solutions

The very mention of the word ‘HIPAA’ leaves people apprehensive of the ingenious ways of the criminal-minded and their debilitating impact on medical practice. A law meant merely to protect the rights of patients with regard to their personal health information has taken on a graver form due to regular reports of misdemeanor and intentional mishandling. The U.S. Department of Health and Human Services has imposed severe regulatory metrics for healthcare compliance and equally severe penalties for violation of the regulations.

The addition of HITECH further confirms the seriousness of maintaining strict compliance measures, with a penalty of $250,000, apart from the slur cast on the reputation of healthcare organizations and the instantaneous termination handed to delinquent employees. There are times when employees of healthcare organizations violate HIPAA compliance regulations either out of curiosity or out of a willingness to do a good deed.

A staff nurse was terminated when she accessed a deceased patient’s records to stop an automated system from notifying the family about a follow-up appointment. Another accidental violation occurred at the DePoo Chemical Dependency Facility in Florida, where the program director allowed unauthorized staff entry into a restricted area containing confidential information.

Some employees are also tempted to violate healthcare compliance regulations out of curiosity to view the personal health records of high-profile celebrities, sometimes selling them for monetary gain. Even with the termination of employees there has been no reduction in violations of the law.

All these incidents clearly emphasize the need to impart proper training to staff to clamp down on these rampant malpractices. It becomes crucial to update employees regarding silly mistakes that can cost heavy losses. Healthcare organizations should also implement technology that provides robust tracking, monitoring and remediation, along with educating staff on the significance and repercussions of compliance violations.

Any act of violation can be thwarted and controlled with the help of automated healthcare compliance solutions delivered on the cloud. Such solutions provide real-time information and keep constant track of activities. Thus organizations can modify their existing policies as per the revised regulations and be safe from allegations of non-compliance. Since the services are delivered on the cloud, there is no requirement for new infrastructure, which eases the worry of spiraling costs.

The HITECH regulations have issued mandatory clauses for business associates, which all healthcare providers must adhere to. Web-based solutions provide another benefit: tracking and monitoring the activities of business associates.

Healthcare organizations that wish to survive in such precarious conditions have to initiate strategies to ensure high levels of awareness regarding ongoing compliance requirements and the alacrity to adapt to changing demands. It is only with automated IT healthcare compliance solutions that healthcare organizations can hope to avoid mistakes and survive their scathing effects.

Wednesday, March 16, 2011

Drawing-Out A Strikingly Compliant Role

While Cignet is recovering from the shock of the $4.3 million fine slapped on it for HIPAA violations, barely two days later the General Hospital Corporation and Massachusetts General Physicians Organization Inc., better known as Mass General, was hit with a $1 million penalty for the blatant exposure of patients’ records on a subway train!

Reports of renowned organizations being subjected to steep penalties for HIPAA violations are becoming regular. These reports have already started creating negative impressions of healthcare organizations and giving patients a jaundiced view. The increase in the penalty amount from $25,000 to $1.5 million under the HITECH Act shows the significance of enforcing stringent measures for patients’ data protection. Yet organizations fail to convey the message effectively to their employees, inviting trouble and criticism.

It is time healthcare organizations and providers took impactful decisions to fulfill their responsibilities. If well-known organizations are capable of such negligence, willful or otherwise, jeopardizing the lives of their patients, then there is very little hope that small medical practices would not falter on this account. In any case, it is the lives of patients that are at stake.

Healthcare organizations need a proactive compliance strategy that provides compelling solutions to all security-related risks. SecureGRC SB is a wise and affordable option that can help organizations deal with all their existing compliance drawbacks. The solution is cloud-based, with real-time information and updates that keep organizations on their toes.

With SecureGRC SB, processes are automated, simplified and easily manageable. There is zero confusion and no complication in executing the process, which helps drive compliance smoothly and efficiently. With its commendable tracking and monitoring system, it can effectively curb any propensity to overlook regulations.

This solution is best suited to small medical practices, as it keeps them in sync with HIPAA and HITECH regulations. It also ensures that the regulations relevant to business associates are up to date and concurrent with HITECH and HIPAA compliance standards. It is only when organizations demonstrate a responsible healthcare compliance attitude towards their patients that they can expect a positive trend for mending and uplifting their battered reputation. With SecureGRC SB we can expect that trend soon, providing organizations relief from penalties and assuring patients of the sanctity of their personal information.

Tuesday, March 15, 2011

Achieving Effective Healthcare Compliance

Did you know that there are close to 1.2 billion outpatient and physician office visits per year in the US? According to CDMatters, most of these patient records are quite inferior and generally contain substandard clinical documentation. Healthcare professionals like you generally face a prolific set of compliance requirements related to operational practices, service delivery procedures and management of records. The general regulatory compliance requirements and industry standards include HIPAA, HITECH and several other patient safety regulations put forward by the states and healthcare institutions, all of which require that medical records be maintained safely and securely.

For healthcare professionals, healthcare compliance issues fall within their realm, and it is their responsibility to see that they have what it takes to provide the best possible care for their patients and also to abide by all the compliance guidelines efficiently; if they don’t, they are setting themselves up for a healthcare fraud investigation. Healthcare fraud investigations can be carried out if you as a healthcare professional don’t have a compliance program that helps you respond to healthcare compliance issues.

Your compliance program needs to offer you a complete solution that addresses all compliance shortcomings and helps reduce errors that come up in internal audits. This means, for instance, that you need a program with an efficient auditing process that assesses medical billing issues completely. It should also give you the means to address concerns and issues among your patients, employees, insurance officials and others. Your program should also help with the billing and coding compliance requirements for different treatments and assist in the correct assessment of risks. Appropriate documentation is also an important aspect of healthcare compliance, since it is the proof that can be produced during audits. An optimized healthcare compliance program helps healthcare professionals steer clear of unseemly treatments, lawsuits and other issues that crop up between patients and their insurance claims. The program must also ensure that you opt for a compliance healthcare solutions partner that can keep you abreast of all regulatory compliance changes and updates as they occur in real time. So with the right solutions provider you can ensure that all your concerns about HIPAA compliance, information security and data protection, among others, can finally be put to rest.

The basic idea behind having an optimized healthcare compliance program is to be equipped with the necessary expertise and tools that can help you achieve and maintain healthcare compliance easily. 


Monday, March 14, 2011

Medical Identity Theft and the Need for Healthcare Compliance

Identity theft, which started mushrooming with the advent of bank credit cards and the internet, paved the way for another crime much more dangerous and serious than regular financial identity theft. With regular identity theft, people normally lose money, but with medical identity theft victims lose much more than that. Apart from the financial implications, it gives rise to other serious issues that can prove very costly in the long run.

Medical Identity Theft

Medical identity theft refers to the use of another person’s name and details for personal gain. The fraudster uses the personal information, including health insurance details, to
· acquire highly expensive medical treatments, surgery or prescription drugs
· make false medical claims

Implications of Medical Identity Theft

As mentioned above, the implications of medical identity theft are far more serious and dangerous than those of financial identity theft. Apart from unpaid charges and damaged credit, as seen in regular identity theft, medical identity theft involves the inclusion of false and incorrect entries in the victim’s medical records. The most damaging part is that victims may be denied health care coverage if the fraudsters have exhausted all the benefits. Victims might even lose their insurance completely if they do not restore coverage by paying the bills for treatments they never received. Moreover, the wrongful entries in the victim’s medical records are risky because they can lead to improper diagnosis and inappropriate treatment, which can be life-threatening. Hence medical identity theft ruins not only the victims’ medical life but also their financial life for years to come.

Medical identity theft is increasing at an alarming rate, and what makes it a serious issue is the fact that there is no proper procedure to handle these cases. It can never be fully fixed, since there are limits to what the authorities and the victims can do to rectify it.

HIPAA & HITECH Acts

Understanding the difficulties and challenges of storing sensitive Patient Health Information (PHI) in paper form, the federal government enacted legislation to encourage the computerization of medical records. Since switching from paper to EMRs (Electronic Medical Records) might make it easier for fraudsters to access sensitive patient information, and since in most medical identity thefts medical practitioners, healthcare solution providers and business associates are found to be involved, the government decided to take concrete steps to thwart healthcare fraud. Hence it was made mandatory for all medical practitioners, healthcare providers and business associates to achieve and maintain healthcare compliance with the regulations laid down in the HIPAA and HITECH Acts.

With the HIPAA and HITECH Acts in play, patients can rest assured about privacy and security, since these Acts plug all possible loopholes within the health care industry.


Friday, March 11, 2011

Best Solutions to Support HIPAA and HITECH Regulations

The healthcare fraternity is faced with an increasing need to secure patient health care information as it adopts information technology. It finds itself inadequately equipped in its security policies and practices to assure the authorities that the information is indeed safe in medical practice. The HITECH or Health Information Technology for Economic and Clinical Health Act was enforced on Jan 6, 2009 as an additional regulation to HIPAA, the Health Insurance Portability and Accountability Act. However, most healthcare organizations have failed to be consistently compliant with the HITECH Act.

A good percentage of security breaches can be attributed to administrative loopholes. As per a survey of 77 US healthcare organizations conducted by the Ponemon Institute, 90% had suffered data breaches, 79% were found non-conforming in HIPAA individual audits, 50% did not have supportive HITECH management strategies, 60% had insufficient risk management policies and 50% had untrained staff, unaware of the security and privacy regulations.

Security compliance has become a perplexing issue with seemingly contradictory regulatory mandates. On the one hand, health care reform is demanding more access to personal health information online, while HIPAA and HITECH are stressing accountability and compact security solutions. With the ever-increasing demand for information security within health record systems, the only way healthcare providers can find comfort is by investing in a web-based compliance management program with automated processes.

This cloud-based service provides the best compliance and monitoring solutions, ensuring complete adherence to the HIPAA/HITECH regulations. It provides specific guidelines with high visibility and a progressive view of compliance status. It is equipped with built-in, extendable support for all HIPAA/HITECH requirements that can be set to update the systems automatically according to any ongoing revisions of the acts. This web-based program eliminates manual errors, thereby providing accurate information and reducing wasted time.

The healthcare industry has been inefficient in driving the compliance momentum due to very high technology costs, which small medical establishments and providers find unaffordable. With web-based services, these small establishments can now be free of that financial burden, as there is no need to invest in custom hardware, and yet implement best practices and policies as per the HIPAA and HITECH Acts.

It can be unnerving and arduous to keep up with the various healthcare compliance mandates. Non-conformance can have decimating consequences and penalties. This is a wake-up call for all healthcare providers, big or small, to get their act straight in keeping electronic protected health information confidential, intact and available, and to remain safe from issues of non-conformance and non-compliance.


Wednesday, March 9, 2011

Top compliance tips for healthcare companies

It all started in the late 1990s when healthcare professionals began saving health care records electronically. In 1996 came the Health Insurance Portability and Accountability Act (HIPAA). The main aim of this act was to ensure that employees could avail of health insurance easily despite any job change. It is only in the last two years that healthcare compliance has become part of the administration’s healthcare reforms, wherein changes were introduced through the Health Information Technology for Economic and Clinical Health (HITECH) Act, which made the American healthcare industry stand up and take notice. The US healthcare industry, comprising a varied range of healthcare entities, was required to follow the stringent compliance requirements or face penalties. There were instances where some healthcare enterprises failed to meet the compliance regulations owing to the lack of a well-planned IT governance plan. Here are a few tips that can help such companies accomplish their compliance requirements easily.

  • Healthcare companies should have a clear-cut organizational strategy in place to ensure the best security for all health information and documents they possess. A sound compliance plan is an absolute necessity, since it provides the all-essential road map on how to secure compliance and is also a clear indicator of any compliance enforcement problems.
  • It will certainly help healthcare companies to appoint someone to take responsibility for all their healthcare regulatory compliance, since HIPAA compliance requires coordination between technical, legal, HR and other departments internally and with related authorities externally. This implies that policies need to be defined clearly and explained to the entire workforce to ensure that they are implemented and enforced properly. Companies could employ effective staff training programs as well to ensure that compliance standards are implemented effectively. Some companies prefer appointing a compliance committee to ensure complete adherence to the new regulations.
  • Companies can also invest in systems that efficiently monitor possible compliance issues so that they are reported early on.
  • Opt for a compliance management solution that can keep you updated on all the latest versions and revisions of every act.
  • A HITECH compliance solution that can be delivered via the cloud would be an asset for any healthcare enterprise, since a cloud-delivered solution means you will need no custom hardware of any kind.
  • Any healthcare regulatory compliance solution you opt for should keep you informed about what compliance tasks need to be performed and should also give you access to tools to accomplish them.
Healthcare companies should employ compliance leaders who fully grasp the diverse organizational dynamics within the company. Such compliance leaders would be able to monitor transactions and ensure that compliance is being correctly integrated into the different processes within the company.


Sunday, March 6, 2011

Ensure Healthcare Compliance Easily

The enactment of the HIPAA/HITECH Act could not have come at a more appropriate time. Every day, hundreds and thousands of data leaks and identity thefts are reported from different parts of the world. In the United States alone, data breaches continue to occur at alarming rates. Moreover, if we take into account data breaches in the healthcare industry, the figures are higher than in other industry sectors. This is because of hospitals’ low-key attitude towards protecting patient data: they have lost focus on the enormous vulnerabilities that exist in the healthcare industry.

Though the federal government’s decision to encourage and promote technology use in the healthcare space is a step in the right direction, it can succeed only if healthcare organizations, medical practitioners, and pharmacies follow suit. However, merely converting patient information to electronic health records (EHR) would not serve the purpose, since an increase in electronic health data would only attract more attacks from hackers. Hence, the transition has to be carried out in an organized manner with a primary focus on security and privacy.

Through the enactment of the HIPAA/HITECH Act, the federal government hoped to enhance the efficiency and effectiveness of the nation's health care system, and with support from the healthcare industry it has succeeded to a great extent in making this a reality. However, the complacent attitude of health care providers, pharmacies, and medical practitioners towards patient data protection forced the government to take a carrot-and-stick approach.

The HIPAA/HITECH Act
HIPAA, the Health Insurance Portability and Accountability Act, was enacted in 1996 to protect health insurance coverage for employees and workers when they change or lose their jobs. However, in 2003 HIPAA was amended to include the Administrative Simplification (AS) provisions in order to check fraud and abuse within the healthcare system. Under the amendment, hospitals, medical practitioners, and business associates were required to take sufficient steps to address the data security and privacy concerns of patients.

HITECH, the Health Information Technology for Economic and Clinical Health Act, was enacted in 2009 by the federal government to encourage the use of technology in the healthcare industry. The government announced incentives to the tune of $19.2 billion for organizations that take all the necessary measures for healthcare compliance. However, the government also made it clear that from 2015 onwards defaulters would face stiffer penalties for HIPAA/HITECH non-compliance.

Though the HIPAA/HITECH Act is already in place, the healthcare industry still needs time to adopt a compliance-driven approach. However, the availability of a unique, inexpensive, and automated SaaS-based solution is making it easier for doctors, dentists, chiropractors, psychologists, nursing care providers, or anyone else who handles Patient Health Information (PHI) to achieve HIPAA/HITECH compliance. It not only helps in identifying the problem areas but also aids in fixing them, thereby ensuring complete data protection.


Thursday, March 3, 2011

What do you know about Protected Health Information and disclosure rules?

Protected Health Information (PHI) is health information that is acquired while treating patients. It can contain details such as name, Social Security number, email IDs, contact details, medical record ID, health plan ID, names of close relatives, certificates, license number, fingerprint information, photos, etc.

There are stringent rules about disclosure of these details. Healthcare professionals are permitted to use PHI for purposes that include treating a patient, justifying payment for a patient’s treatment, and certain financial, legal or other health-care business improvement initiatives. Healthcare enterprises can also make disclosures in response to enquiries into a patient’s location involving disaster relief, or if the details are required by relatives whom the patient has identified and designated.

For any PHI disclosure, the healthcare professional requires either written permission or an authorization from the patient to use or disclose PHI for reasons that may be unrelated to treatment, payment, healthcare requirements, etc. However, the enterprise can disclose some general demographic information or treatment dates for fund-raising purposes, and this does not require any authorization. Healthcare enterprises can share PHI while coordinating or managing health care related services for treatment reasons, or for consultation between the patient and a third party. This may be done to refer the patient to, or consult, another healthcare entity about the patient’s condition. When it concerns payment, disclosures can be made to obtain reimbursement for services, to obtain health plan premiums, and to provide benefits under healthcare plans. Medical disclosures can also be made if a state or federal court requires the records for a particular case. In a pandemic scenario, healthcare professionals will have to divulge health details of persons infected with the disease for public health and safety. In extreme cases, such as an unstable patient who may cause harm to himself or to others, health information can be given to authorities such as the police to ensure that no harm comes to either the patient or the general public. Lastly, medical disclosures can be made in the case of pending medical bills, or to settle an elderly patient’s eligibility for benefits.

Understanding healthcare compliance requirements

It is common knowledge that the Health Insurance Portability and Accountability Act (HIPAA) set the mechanism for the exchange, safety and privacy of healthcare-related data. Another important element in healthcare compliance is the Health Information Technology for Economic and Clinical Health (HITECH) Act, under which health data breaches are taken more seriously. The HITECH Act widens the scope of HIPAA, so that many healthcare enterprises that were earlier exempt from the HIPAA privacy and security rules now have to abide by them. President Obama’s American Recovery and Reinvestment Act (ARRA) of 2009, popularly known as the stimulus package, extended the actual reach of HIPAA.

A HIPAA-covered enterprise (legally called a ‘covered entity’ (CE)) is any enterprise that handles personal health records (PHR) or personal health information electronically; the enterprises that generally come under this are therefore hospitals, doctors and health insurance enterprises, including healthcare clearinghouses. Generally, protected health information includes all health-related information, covering details from visits to doctors or medical specialists, information about allergies, immunization and family health history, records of medicines consumed, surgeries or operations undergone, etc. Healthcare enterprises need to meet compliance standards to be able to benefit from Medicare as well as Medicaid. This means that reporting will be an additional function that healthcare enterprises must take on, whereby these enterprises will have to report, explain and perhaps even reimburse any extra billing made. The new HITECH provisions include rules on disclosing account-related details, and they set limits on how PHR or PHI can be used for marketing or fundraising purposes. Under HITECH, selling protected health information is strictly prohibited. The act also states that every entity covered under it must review its information infrastructure and systems to be fully compliant.

Failure to abide by these HITECH compliance standards, or any privacy or security violation, will mean severe penalties, which are collected by the Office for Civil Rights (OCR). Any healthcare enterprise must therefore notify data breaches within 60 days. Opting for a HITECH or HIPAA compliance management solution that assists you in complying with the set guidelines would be a good idea for any healthcare enterprise. Fail to abide by the rules and you could be looking at a fine as high as US$1.5 million per year and even criminal prosecution.


Wednesday, March 2, 2011

Healthcare Compliance to Detect and Thwart Healthcare Fraud

Healthcare fraud-related crimes are on the rise in the United States. The recent arrest of 111 doctors, nurses, and healthcare professionals in a massive healthcare fraud estimated at $225 million, involving false claims, identity theft, money laundering, and conspiracy to defraud Medicare, is enough to show the current state of affairs in the healthcare industry. Healthcare fraud is a thriving industry thanks to the unscrupulous attitude of certain patients, doctors, and even pharmacies.

Medicare
Medicare is a social insurance program run by the United States government to provide health insurance coverage to those who are disabled and to those who are 65 and older. Medicare has been a target for fraud because Medicare claims are processed quickly. Moreover, since the healthcare providers themselves file Medicare claims on behalf of patients, it makes matters easy for fraudsters and scamsters.

Types of Fraud
As noted above, health care fraud has become a booming business in the United States, and the fraudsters stop at nothing to make easy money. The following are some of the typical frauds found in the healthcare industry.
·         Billing for procedures, medical tests, or services that are either needless or never performed
·         Billing for expensive services that are unnecessary
·         Inflating bills for those services that are either free or inexpensive
·         Making separate bills for services that can be bundled together
·         Accepting kickbacks and bribery for patient referrals
·         Using the identity of others to make false insurance claims

Importance of Legislation
In most healthcare frauds, the healthcare providers are found to be the perpetrators. Be they doctors, dentists, chiropractors, psychologists, nursing care providers or any other practice, since they handle Patient Health Information (PHI) it is very easy for them to find easy targets. Realizing the helplessness of patients, the United States government decided to act tough and enacted various pieces of legislation to protect patient health records and keep them from becoming a pawn in the hands of healthcare fraudsters.

The ARRA Act
The United States government introduced the American Recovery and Reinvestment Act, commonly referred to as the Stimulus or the Recovery Act, to help the country recover from recession. As part of this act, the government allocated around $155 billion towards the improvement of the healthcare industry. The ARRA Act also brought into effect two federal laws, the HIPAA and HITECH Acts, to crack down on healthcare fraud. With the government making the ARRA Act binding on all, medical practitioners, healthcare providers, and business associates have no choice but to ensure healthcare compliance so that they are not on the wrong side of the law.

In the healthcare industry, corruption is widespread and deeply embedded, and therefore enforcing these kinds of acts is the only way to clean up the mold that has penetrated deep into the industry.
