Health Insurance Portability and Accountability Act - Protecting your patients' health care data.
HIPAA addresses the security and privacy of electronic medical data to ensure administrative, physical and technical safeguards are maintained.

This ruling governs health plans, health care clearinghouses and health care providers. It also impacts any company that provides services to the health care industry, described as business associates.

The April 2005 deadline is fast approaching, and many organizations are still waiting to see what happens to those that don't comply. Their opinion is that non-compliance, and the fines imposed after a breach, would be less costly than working towards compliance. This can be a dangerous position. It takes only one breach to trigger a class-action suit that could bring the organization to its knees. HIPAA compliance is an ongoing process, and it's never too late to start.

Having a thorough security assessment conducted by an unbiased consulting firm, such as NCX Group, will identify where vulnerabilities are within your processes, help prioritize security risks, and specify steps to mitigate deficiencies. A security review will not only lay the groundwork for compliancy, but also establish a clear-cut path that reduces unnecessary costs while implementing the correct technology to adhere to HIPAA regulations.

HIPAA also requires organizations to periodically reassess their security so that they stay on guard.

Security Compliance - Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a set of federal regulations intended to protect and simplify the exchange of health care data. Full compliance requires that covered health care companies understand the threats and liabilities to protected health information and that they implement a wide variety of safeguards and security best practices.
Who is Affected?
Every company that transmits protected health information in electronic form, which includes health care providers, health plans and health care clearinghouses. These organizations are referred to as covered entities.
What's Covered?
Patients' medical records and other personal health care information known as electronic protected health information.
Key Dates
April 14, 2003: Privacy Rule Deadline (except for small health plans)
April 16, 2003: Deadline for starting systems testing
Oct. 16, 2003: Deadline for Transactions and Code Sets compliance
April 14, 2004: Privacy Rule Deadline for small health plans
April 21, 2005: Security Compliance Deadline
Penalties for non-compliance
$250,000 in fines and jail time of up to 10 years
What can you do?
Improving your network security is always cheaper than reacting to a security breach. Understanding and controlling the threats to protected health information requires continuous risk management. Key aspects of mitigating these risks are:
Obtain regular independent information security evaluations.
Implement controls that assess information security risks.
Document and review information security processes.
Other HIPAA Resources
Official site U.S. Dept of Health & Human Services
Bill summary and status
This information is provided as a service based on NCX Group's interpretation of the Health Insurance Portability and Accountability Act. NCX Group, Inc. assumes no liability for any errors, omissions or misinterpretations arising from this information. Always consult an attorney for specific legal information.

© 2008 NCX Group, Inc.