- operating rules for each of the HIPAA covered transactions
- a unique, standard Health Plan Identifier (HPID)
- a standard and operating rules for electronic funds transfer (EFT) and electronic remittance advice (RA) and claims attachments.
In addition, health plans will be required to certify their compliance. The Act provides for substantial penalties for failures to certify or comply with the new standards and operating rules.
Are you HIPAA compliant? Would you know if you were not HIPAA compliant? Below are a few tips to become HIPAA compliant.
How to be HIPAA Compliant
- Check all of your electronic safeguards, including network encryption, anti-virus software and email encryption, so that protected health information is encrypted both in transit and at rest. This is likely the most important part of HIPAA compliance, because attackers seek out weak or unprotected networks. The Security Rule requires a documented risk analysis: have one performed on your network at least yearly, and act on its findings.
- Ask patients to sign authorization forms specifying who is and is not allowed access to their records beyond the clinicians treating them and their health insurers. This could include family members, employers or friends whom they trust to view their information. The form should also state which parts of the record are covered and when the authorization expires.
- Verify authorization and identity before releasing information to any person or company. Ask security questions or for personal identifiers such as date of birth and the last four digits of the Social Security number to confirm you are speaking to the correct person; avoid requesting the full Social Security number over the phone, since the caller may not be who they claim to be. If a form authorizing the release of records is emailed or faxed, compare the signature on the form against the patient's signature on file to ensure they match.
- Check what type of information the person or company is authorized to receive. Health insurance companies are usually authorized to receive all information needed for payment, while a patient may want a family member to have access only to certain parts of their medical record. Release only the categories the authorization covers, and nothing by default.
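The identity and authorization checks in the tips above, as an added example that is not part of the original article or of any HIPAA guidance: a small release desk that verifies a requester against identity answers on file, then releases only the record categories the patient currently authorizes for that requester, with expired authorizations ignored and everything denied by default. The patient ID, names, categories, dates and the server-side key are constructed sample data, and the class and function names are hypothetical.

```python
"""Default-deny release check for patient record disclosures (illustrative, added example)."""
from dataclasses import dataclass
from datetime import date
import hashlib
import hmac

# Sections of a record that a patient may authorize separately (constructed list).
ALL_CATEGORIES = frozenset({"demographics", "diagnoses", "medications", "claims"})

# Keyed hash of identity answers on file. A keyed hash (rather than a bare SHA-256)
# means a leaked proof table cannot be brute-forced offline over the tiny
# DOB + last-4 space. Hypothetical key; a real deployment keeps it in a secrets store.
_PROOF_KEY = b"demo-only-server-side-key"


def identity_proof(dob: date, ssn_last4: str) -> bytes:
    """HMAC of the identity answers; the raw answers are never stored."""
    msg = f"{dob.isoformat()}|{ssn_last4}".encode()
    return hmac.new(_PROOF_KEY, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class Authorization:
    """One signed release: who may receive which categories of which patient's record, until when."""
    patient_id: str
    recipient: str
    categories: frozenset
    expires: date


class ReleaseDesk:
    def __init__(self, identity_proofs: dict, authorizations: list):
        self.identity_proofs = identity_proofs      # requester name -> identity_proof(...)
        self.authorizations = authorizations
        self.audit = []                             # every decision is logged

    def verify_identity(self, requester: str, dob: date, ssn_last4: str) -> bool:
        on_file = self.identity_proofs.get(requester)
        if on_file is None:
            return False                            # unknown requester: deny
        # constant-time compare so a mismatch does not leak which field was wrong
        return hmac.compare_digest(on_file, identity_proof(dob, ssn_last4))

    def authorized_categories(self, patient_id: str, requester: str, today: date) -> frozenset:
        """Union of categories currently authorized for this requester (patients see their own record)."""
        if requester == patient_id:
            return ALL_CATEGORIES
        allowed = set()
        for a in self.authorizations:
            if a.patient_id == patient_id and a.recipient == requester and a.expires >= today:
                allowed |= a.categories
        return frozenset(allowed)

    def decide(self, patient_id, requester, requested, dob, ssn_last4, today):
        """Return (granted, denied) category sets for one disclosure request."""
        requested = frozenset(requested)
        if not self.verify_identity(requester, dob, ssn_last4):
            self.audit.append((today, patient_id, requester, "DENIED: identity not verified", requested))
            return frozenset(), requested
        allowed = self.authorized_categories(patient_id, requester, today)
        granted, denied = requested & allowed, requested - allowed
        self.audit.append((today, patient_id, requester, "RELEASED", granted))
        return granted, denied


def build_demo() -> ReleaseDesk:
    """Constructed sample data: one patient, one daughter, one health plan, one expired form."""
    proofs = {
        "P-1001": identity_proof(date(1980, 4, 12), "1234"),    # the patient
        "Jane Doe": identity_proof(date(2005, 9, 30), "5678"),  # daughter named on a release form
    }
    auths = [
        Authorization("P-1001", "ACME Health Plan", frozenset({"claims", "diagnoses", "medications"}), date(2030, 12, 31)),
        Authorization("P-1001", "Jane Doe", frozenset({"medications"}), date(2026, 12, 31)),
        Authorization("P-1001", "Jane Doe", frozenset({"diagnoses"}), date(2020, 1, 1)),  # expired
    ]
    return ReleaseDesk(proofs, auths)


def run_demo() -> dict:
    desk, today = build_demo(), date(2025, 6, 1)
    return {
        "daughter": desk.decide("P-1001", "Jane Doe", {"medications", "diagnoses", "claims"},
                                date(2005, 9, 30), "5678", today),
        "daughter_wrong_last4": desk.decide("P-1001", "Jane Doe", {"medications"},
                                            date(2005, 9, 30), "0000", today),
        "patient_self": desk.decide("P-1001", "P-1001", ALL_CATEGORIES, date(1980, 4, 12), "1234", today),
        "unknown_caller": desk.decide("P-1001", "Unknown Caller", {"claims"}, date(1980, 4, 12), "1234", today),
    }


if __name__ == "__main__":
    for name, (granted, denied) in run_demo().items():
        print(f"{name}: granted={sorted(granted)} denied={sorted(denied)}")
```

The point of the structure is that a request never yields more than the intersection of what was asked and what is currently authorized: the daughter's expired diagnoses form contributes nothing, a wrong identity answer releases nothing, and an unknown caller is refused before any lookup. The audit list is what you would turn into a disclosure log.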