HIPAA
AllHealthLogic
recognizes that the Health Insurance Portability and Accountability Act of 1996
(HIPAA) is an enterprise-wide concern that has major technological,
operational, administrative and procedural impacts. We have and will continue
to develop, document, implement and maintain the appropriate measures to
address HIPAA compliance in each of these areas.
We understand HIPAA’s strategic
significance and view our compliance efforts as a major corporate initiative.
We have undergone a comprehensive security risk assessment and have developed
plans to mitigate each risk discovered. AllHealthLogic has designated a HIPAA
Security and Privacy Officer who reports to our management committee to direct
these ongoing assessments and all other HIPAA compliance measures.
Additionally, AllHealthLogic’s technology partner, HealthLogic Systems
Corporation is accredited by the Electronic Healthcare Network Accreditation
Commission (www.ehnac.org). The accreditation verifies that HealthLogic
Systems has met quality standards in the areas of privacy, security, technical
performance and business practice. EHNAC’s self-assessment and site review
processes also assist entities in meeting the privacy, administration simplification
and security provisions of HIPAA.
We realize that security and privacy are essential to our business and to
yours. As a result, we are committed to helping your organization address HIPAA
requirements by protecting the security of all of the healthcare information
that AllHealthLogic processes.
Transaction, Code and Identifier
Standards
HIPAA includes provisions for the establishment of
electronic standards for the transmission of attachments. CADX© was developed in response
to this requirement. The Accredited
Standards Committee X12 has developed and approved for trial use the 277
Request for Attachments and the 275 Patient Information (Attachment) Transaction
Sets.
To date the Federal Notice of Proposed Rule Making (NPRM)
adopting these standards as HIPAA standards has not been published in the
Federal Register. The Federal Office of
HIPAA Standards has recently reported that the NPRM is expected to be submitted
by Health And Human Services (HHS) in November 2004 to the Office of Management
and Budget for final clearance for publication hopefully by January 2005. This will start a public comment period on
the proposed regulations. We strongly encourage you as a covered entity subject
to carefully review the NPRM and provide your comments to HHS. It is expected that HHS will take up to a
year to review and prepare the final rule for publication. Once the final rule is published, covered
entities will have two years and sixty days to comply. AllHealthLogic is fully committed to meeting
all of the HIPAA attachment transaction, code and identifier standards.
Security Standards
Covered entities must have appropriate administrative,
technical and physical safeguards to ensure the integrity and confidentiality
of protected healthcare information.
These safeguards must protect against any anticipated threats or hazards
to the security or integrity of such information. AllHealthLogic is committed
to complying with the applicable standards, implementation specifications, and
requirements of the HIPAA Security Final Rule with respect to electronic
protected health information (EPHI). AllHealthLogic will also comply with
individual state health information security statutes and rules. To accomplish
this AllHealthLogic will:
·
Ensure
the confidentiality, integrity, and availability of all EPHI that the company
creates, receives, maintains, or transmits;
·
Protect
against any reasonably anticipated threats or hazards to the security or
integrity of such information;
·
Protect
against any reasonably anticipated uses or disclosures of such information that
are not permitted by the HIPAA Privacy Final Rule; and
·
Ensure
compliance with the HIPAA Security Final Rule by its workforce and
subcontractors.
·
Implement
procedures to identify what individual state health care security statutes and
rules may have application; conduct a gap analysis with HIPAA’s Final Security
Rules and deploy the necessary systems to ensure compliance.
Read our Security Statement (PDF)