Section 264 of Title II, Standards for Privacy of Individually Identifiable Health Information (IIHI) (the Privacy Rule), falls under the jurisdiction of the Department of Health and Human Services’ Office for Civil Rights (OCR) and pertains to all patients’ protected health information (PHI) in any format-electronic, written, verbal, or image. This rule applies to three types of covered entities: health care plans, clearinghouses, and providers; compliance was required by April 2003.
Priority 1: Security
Health care providers initially concentrated on EDI by submitting standardized electronic claims via their practice management systems (PMS) to clearinghouses or insurance companies. Only a handful of administrative parties were privy to a limited amount of patient information, such as diagnosis or procedural codes.
Now that the technology has advanced and providers are beginning to use EMRs, e-prescribing, and online communications, all of a patient’s IIHI is available to numerous clinical and administrative people in multiple locations, 24/7. Although security and privacy standards have becoming increasingly commingled, it is the security standard that dominates HIPAA compliance in the electronic office.| ← Previous | | | Next → | Single Page