MRCC
Software development
 
HIPAA

Around the country, Health Care Organizations of all kinds, including Hospitals, Health Maintenance Organizations, Insurance companies and entities that handle Health Care records, are taking steps to comply with pending privacy and security requirements of the Health Insurance Portability and Accountability Act (HIPAA). Pursuant to the new act, Healthcare Organizations that transfer records and information electronically must follow certain standards for ensuring the records remain secure and confidential.
 
These proposed security standards were published in the Federal Register on August 12, 1998. "HIPAA requires that all Health plans, Health Care providers, and Health Care clearing houses that maintain or transmit health information electronically establish and maintain appropriate administrative, technical, and physical safeguards to ensure..." (Federal Register, Vol. 63, No. 155)
 
Confidentiality
Keeping all transfers of information private. Ensuring that information is not made available or disclosed to unauthorized individuals.
 
Integrity
Ensuring that data has not been changed or altered en route or in storage.
 
Authentication
Making sure the person sending the message is who he or she claims to be.
 
Non-repudiation
Once a transaction occurs, neither the originator nor the recipient can deny that it took place.
 
Authorization
Allowing authenticated users access to network information and resources based on defined privileges.
 

For a system in a hospital or clinic to be HIPAA-compliant, it needs to comply with three basic HIPAA principles: creating an audit trail, ensuring patient privacy and restricted access.

Legacy systems have no audit trails, no access logs to keep track of who accessed patient records, and were not made to share information, which makes them non-HIPAA-compliant. Hospitals, in particular, need to break away from the legacy EMR systems, shed their technophobia and make the necessary investment for their CPR systems to comply with HIPAA, as it will be beneficial to them in the future.

Rather than spending millions of dollars to convert their legacy systems to comply with HIPAA, some Healthcare Organizations would rather outsource the patient record maintenance to Application Service Providers (ASPs). Both payer and provider organizations have essentially three options when confronting HIPAA compliance issues for their EDI transactions:

High replacement Ensuring that data has not been changed or altered en route or in storage.

Re-engineering of their current system at substantial cost and an uncertain time frame for testing and completion.

Middle-ware solution that meets HIPAA requirements at minimal cost that can be rapidly deployed.

 


Copyright © 1996 - 2006 M&R Consultants Corporation. All Rights Reserved.