REGULATORY REVIEW


Keep Your Patient Data Secure

Review HIPAA and use HHS’ and OCR’s resources

BY ALEX TAIRA


The Information Age has revolutionized the health care industry, giving patients and providers greater, more specific access to personal health data. Care coordination operates with greater efficiency through the electronic transfer of personal health information (PHI), and providers and facilities can be reviewed on an expanded range of quality metrics. This digitalization of health care, however, also brings new vulnerabilities; health care facilities that previously worried about physical security must now consider ways to combat remote, electronic theft. In 2015, a data breach of information held by insurer Anthem Inc. caused the personal information of 78.8 million people to be stolen. The information stolen included names, addresses, social security numbers, medical IDs, and more, and eventually led to a landmark $115 million settlement in 2017. It is paramount that ASCs develop and implement sound policies and procedures to protect patients’ PHI. A good place to start is a review of the pertinent laws and regulatory bodies that govern this information.


History of HIPAA


President Clinton signed the Health Insurance Portability and Accountability Act (HIPAA) into law in August 1996. Lawmakers were concerned with the growing amount of health information being stored electronically and tasked the US Department of Health and Human Services (HHS) with the development of several rules that would ensure the security and confidentiality of patients’ PHI. HHS would release a total of five rules between 2000 and 2013 that form the current framework of rules and regulations governing health care information.

The HIPAA Privacy Rule was released in December 2000 with a mandatory compliance date in April 2003. This rule, importantly, defined the term “protected health information” as “individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.” A HIPAA Security Rule followed in 2005. That rule outlined security areas—administrative, physical and technical—that must be considered when electronically storing PHI. An Enforcement Rule followed in 2006, with further extensions and definitions added in the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009 and the Final Omnibus Rule of 2013. It is likely that these rules will continue to be refined as health care technology continues to grow in importance and use throughout the industry.


OCR Breach Investigations January–July 2018

Unauthorized Access/Disclosure: 42%
Hacking/IT Incident: 36%
Theft: 15%
Loss: 4%
Improper Disposal: 3%

SOURCE: US DEPARTMENT OF HEALTH AND HUMAN SERVICES OFFICE FOR CIVIL RIGHTS


“It is paramount that ASCs develop and implement sound policies and procedures to protect patients’ PHI. A good place to start is a review of the pertinent laws and regulatory bodies that govern this information.”

—Alex Taira, ASCA


The Office of Civil Rights

The HIPAA Enforcement Rule laid out important responsibilities. Notably, it established processes for HHS to investigate and enforce (via monetary penalty) HIPAA complaints and compliance violations. Primary responsi-


18 ASC FOCUS NOVEMBER/DECEMBER 2018 | ascfocus.org

