MediNet® Management Services, Inc. - HIPAA Security Compliance

THE INDUSTRY NEED

The Health Insurance Portability and Accountability Act was passed on August 21, 1996. The Legislative/Regulatory Timeline set forth by the Department of Health and Human Services set the final Compliance Date to be April 21, 2006. As of this date, any healthcare facility found to lack compliance and/or implementation of the HIPAA regulation is to be assessed civil and/or criminal penalties to range up to $25,000 (maximum Civil penalty) or $250,000 (maximum Criminal penalty). In adition, for blatant lack of implementation or compliance within “covered entities”, the Department of Health and Human Services may restrict their ability to process insurance claims indefinetly, effectively crumbling a facilicity’s ability to stay in business.

MEDINET® AUDIT SERVICES (THE ANSWER)

The HIPAA regulation is comprised of two major regulatory requirements: Privacy and Security. Our company addresses the Security requirements within HIPAA.

Per HIPAA regulation, each Healthcare facility must have at least one Privacy Officer and one Security Officer. These individuals are responsible for implementing the HIPAA standards within their facilities. It is often the case that many of these HIPAA Officers need help to understand the cumbersome, everchanging requirements of the regulation. In some cases, it's hard to even begin the implementation process, while is others, HIPAA Officers may have implemented policies and procedures which internal departments deem as compliant, yet "readiness" was never audited. However, unless “reasonable and appropriate” action has been taken in order to continuously assess and audit their HIPAA readiness, they are not compliant. Such “reasonable and appropriate” action is approved by the DHHS and the American Hospital Association to be an unbiased, third-party Audit which assesses the facilities’s compliance with existing HIPAA regulation.

Our company provides HIPAA Security Audits & Services in order to report HIPAA readiness to Management personel directly involved and responsible for the HIPAA implementation process. As such, we Audit the existing Information Technology infrastructure, as well as physical barriers set in place in order to stop unlawful dissemination of PHI (Protected Health Information). Moreover, our company audits existing security Policies and Procedures in order to discover any lack of compliance.

The final delivery product of our Audits is a comprehensive report to Management about the current status of the facility’s compliance with HIPAA standars. Should any section of the Audit show lack of compliance (in other words, FAIL), we provide a recommended course of action to remedy the existing issue; most of the time our clients hire us to perform remedial action in order to bring the facility within compliance with the HIPAA section they failed during the Audit.

By hiring our company, a healthcare facility complies with the HIPAA regulation by having its Security Infrastructure, as well as HIPAA Security Policies and Procedures, audited by an unbiased third party - our firm. Further, if we are hired to provide remedial action, the facility will have a “clean HIPAA bill of health” assessed by our firm. Other clients, to keep their compliance and outsource the liability, sign multi-year contracts, which require our firm to Audit and remedy for HIPAA readiness quarterly or bi-yearly.

If you need to determine your level of compliance with the Security Provisions of HIPAA, MediNet® can help. Contact us and ask for the HIPAA Security Audit Department, or select extension *818 from the main menu. Our HIPAA Executive Manager will be at your service and will assist you with any HIPAA questions you may have.