Read This Rule and Call Me in the Morning: A New Set of Security Standards for Businesses That Handle Patient Healthcare Information Provides a Strong Framework but Few Specifics. (Medical Privacy)

By Pincock, Corey | Security Management, June 2003


The Department of Health and Human Services (HHS), after more than four years of debate and deliberation, has issued the final rule for Health Insurance Portability and Accountability Act (HIPAA) security standards. Large healthcare plans and providers have until April 21, 2005, to comply, while small healthcare plans and providers must be in compliance by April 21, 2006. It took years to finalize this rule because HHS wanted the standards to be technically accurate yet technology neutral, comprehensive but not overwhelming, and effective without involving excessive government regulation.

HHS created the rule taking into account thousands of comments and suggestions it received from healthcare providers, health plans, industry groups, professional societies, law firms, public interest groups, government entities, and private individuals.

Despite the care taken in crafting the security rules, any organization that handles electronic protected health information (PHI) now faces some challenges in how to get into and remain in compliance, or face the penalties, which include fines up to $250,000 and even imprisonment. Following is an analysis of the standards that comprise the rule, as well as the implementation specifics that outline how each of those standards is to be addressed in practice.

Structure of the rule. The security rule is more comprehensive and taxing than the HIPAA patient privacy rule that was finalized last year and went into effect in April 2003. While the privacy rule gave patients the right to control the disclosure of their health-related information, the security rule requires healthcare organizations to proactively protect the confidentiality, integrity, and availability of "all electronic protected health information the covered entity creates, receives, maintains, or transmits." The security rule comprises 18 (sometimes overlapping) standards that fit into three areas: administrative, physical, and technical safeguards. Before addressing these rules, however, it is important to define the key concepts involved.

Covered entities. Only an organization that is considered a covered entity (CE) is obligated to follow HIPAA standards. Not every healthcare-related business is necessarily a CE. Covered entities are defined in the rule as health plans, healthcare clearinghouses, and healthcare providers.

Health plans, such as group health plans, health insurance issuers, health maintenance organizations (HMOs), and certain government health programs, are defined as individual or group health plans that provide or pay the cost of medical care.

Healthcare clearinghouses are entities that process nonstandard formatted health information received from another covered entity and convert it into a standard format, or vice versa. Healthcare providers sometimes use a healthcare clearinghouse to send their paper-based claims for conversion into a standard electronic format that is more efficiently processed by the payer of the claim without the overhead of stamps, envelopes, and other expenses.

A healthcare provider is an entity that provides care, services, or supplies related to the health of an individual or that furnishes, bills, or is paid for healthcare services or supplies in the normal course of business. Most importantly, it transmits health information in electronic form in connection with a covered transaction. Covered transactions are:

* Health claims and equivalent encounter information

* Enrollment and disenrollment in a health plan

* Eligibility for a health plan

* Healthcare payment and remittance advice

* Health plan premium payments

* Health claim status

* Certification and authorization of healthcare referrals

* Coordination of benefits

If a healthcare provider does not engage in a covered transaction, it is not a covered entity. So, for example, if a chiropractor keeps all his patient information on a computer but he does not take insurance or Medicare, he is not subject to the HIPAA privacy and security rules. …
