|
|
HIPAA Compliance Information
On August 21, 1996, the Health Insurance Portability and Accountability Act
of 1996 (HIPAA) was enacted to facilitate health insurance portability, reduce health care fraud and abuse, protect the
security and privacy of health information, and enforce standards regarding health information. Although restrictions on
the dissemination and use of health care data are not new, recent advances in both technology and its proliferation have
worked with other forces to create heightened public and regulatory focus on this area. MedVoice is committed to both the
intent and the letter of HIPAA.
Click here to learn what the US Department of Health & Human Services is saying about how
the HIPAA Privacy Rule applies to MedVoice services.
What is HIPAA?
HIPAA incorporates an Administrative Simplification section that includes:
- Electronic transaction standards for health information.
- Privacy of patient identifiable information.
- Security of electronic health information.
Of the three sections, only the "Privacy of patient identifiable information" and the "Security of electronic health
information" pertain to MedVoice 's services.
The HIPAA regulations regarding privacy of patient information took effect on April 14th, 2001, with compliance mandated by
April 14, 2003. Although the final rule has significant changes from the initial proposed rule, what has not changed is the
underlying purpose of the rule: to balance information exchanges that are used to improve clinical and marketing efficiency
for consumers with safeguards to protect health information from indiscriminate viewing or distribution. Under HIPAA, our
clients will be required to gather patient consent prior to relaying information via our MedVoice-Results or MedVoice-Remind
services. Such consent will be a one-time occurrence that patients provide via a consent form. If you have not already done
so, MedVoice representatives can assist you in adding the correct phrasing to your current consent form.
The final date for compliance on the security regulation is April 20, 2005. At its very core, there are four measures that covered entities will be required to implement to ensure adequate protection of health information: Administrative Security, Physical Data Security, Technical Security, and Electronic Security.
Medvoice Initiatives
Although MedVoice is not considered a Covered Entity, we are still taking steps to safeguard patient information.
- Designated compliance personnel. MedVoice is committed to maintaining the integrity and security of its
clients' data in accordance with applicable law. To support this commitment, MedVoice has taken action to
monitor HIPAA rules and support compliance with the regulations. In particular, MedVoice has designated
key individuals to oversee HIPAA privacy, security and contractual developments, and compliance.
- Maintaining security. MedVoice safeguards the security of health care data through strict administrative and
technical standards. At the technical level, MedVoice maintains a protected environment by utilizing measures
such as user-specific database access privileges, internal and external user authentication, secure and
encrypted electronic transmission of patient data, and active intrusion detection. Administrative safeguards
include the long-standing requirement that any MedVoice employee handling patient identifiable data sign a
confidentiality and non-disclosure agreement related to such information. MedVoice expects to audit its
security infrastructure as soon as the final security regulations are published.
- Amendments to contracts. Clients of MedVoice provide patient identifiable data for use in various services
offered by MedVoice . HIPAA regulations specify that the provision of such data needs to be accompanied by a
business associate agreement between MedVoice and the client providing the data. The regulations require
adequate assurances by business associates to safeguard protected health information. As a business
associate under these regulations, MedVoice will modify its contractual provisions as necessary to
support our clients' compliance with these requirements.
MedVoice 's mission is to improve the clinical and financial performance of all participants in the health care industry,
resulting in higher quality and more cost-effective care. To that end, we will continue to provide clients with accurate
information to help them make sound, informed decisions regarding issues of patient confidentiality.
Copyright 1996-2007 MedVoice International, LLC.
|
|
