A Path to HIPAA Compliance and A Path to Compliance with the HIPAA Security Rule are designed to make it easier for people to comply with the “administrative simplification” provisions of the Health Insurance Portability and Accountability Act of 1996, Public Law 104-91 (HIPAA).

HIPAA requires the Secretary of Health and Human Services to establish national standards for electronic health care transactions such as health plan enrollment, eligibility determination, referral and authorization, billing, claims payment, remittance advice, and coordination of benefits. Health plans are required to participate in electronic transactions. Health care providers will be required to bill the Medicare program electronically, and can expect pressure from payers to engage in electronic transactions.

Given the sensitive nature of health information, the statute also requires DHHS to adopt standards for privacy of individually identifiable health information and security of health information systems. A final rule creating a minimum federal standard for privacy of health information has been enacted. Standards for security of health information systems have been proposed.

Public and private health benefit programs, health care transaction clearinghouses, and health care providers that use computers for the “HIPAA transactions” are required to comply with HIPAA and the standards established by DHHS. The law authorizes DHHS to investigate violations of HIPAA, and to fine HIPAA “covered entities” that fail to comply. It also creates criminal penalties for flagrant violations of the privacy rights of individuals.

Eventually, everyone will benefit from implementation of the HIPAA standards. Electronic data exchange will save time, increase efficiency and reduce administrative costs. In the meantime, HIPAA is a nightmare for a lot of people. The HIPAA rules and the standards adopted by DHHS are incredibly complicated. The penalties for non-compliance are frightening.

These guides provide information about HIPAA, a step-by-step guide towards compliance, checklists, forms, and links to resources that might help you. The full guide is published in electronic form on the Internet for two reasons. First, an electronic publication is searchable. Subscribers can read the guide as a book, or use the search capability to quickly find information about specific subjects. Second, federal and state law and the HIPAA standards change constantly. Publication on the Internet makes it possible to distribute updated information quickly.

Feel free to browse the Table of Contents, the Preface, the first chapter, which introduces HIPAA, and parts of the ninth chapter, which discusses the final Security Rule. The “Links” tab will connect you to a list of sites that offer useful information about HIPAA. Most of that information is available free of charge. The full text of the compliance guide and the checklists, forms and other “tools” is available to subscribers. Information about subscription to the guide can be found here.

A shorter work, devoted to the final HIPAA Security Rule, is available in book form. You’ll get a loose-leaf binder with text that explains the requirements of the rule and related principles of information systems security, a Checklist to help you conduct a security risk assessment and document compliance with each of the standards and implementation specifications of the rule, model security policies, and model contracts. A CD-R disk is included to allow you to take advantage of “pull-down” menus and customize forms for your organization.

A lot of work went into creation of these Guides, and we hope they are helpful to you. But they are not a substitute for advice from a qualified professional. Please be sure to consult with an attorney before you finalize your privacy and security policies and procedures, or if you have a specific legal problem. If you need help finding a lawyer who specializes in health information technology law, please contact the American Health Lawyers Association in Washington DC.

If you are concerned about the security of your computer system, please get professional help, ideally from a person who has earned the designation of Certified Information Systems Security Professional (CISSP) from the International Information Systems Security Certification Consortium.

We would be happy to hear from you if you would like to arrange a private consultation or HIPAA readiness assessment. You can reach us by e-mail at info@hipaacomplianceguide.com, or call 877-721-2020.