
WHAT IS HIPAA COMPLIANCE? WHO MUST BE HIPAA COMPLIANT?


The Health Insurance Portability and Accountability Act of 1996, known as HIPAA, is a series of rules and regulations that govern the use and disclosure of protected health information (PHI). HIPAA compliance is monitored by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).

It is essential that a HIPAA Covered Entity or a Business Associate with access to Protected Health Information understands the rules and how to become HIPAA compliant. Ignorance of rules is no defense against enforcement action.

Any demographic data, such as names, addresses, phone numbers, or social security numbers, that can be used to identify a patient of a covered entity is Protected Health Information. PHI that is electronically stored, transmitted, or accessed is known as electronic PHI, or ePHI, and is regulated by the HIPAA Security Rule. The Rule was adopted as more covered entities were replacing paper records with technology.

The HIPAA Security Rule established country-wide regulations for protecting PHI when it is handled electronically by a covered entity or business associate. Standards that should be maintained for the integrity and safety of ePHI are spelled out in this Rule. It covers the physical, administrative and technical safeguards that should be adhered to by a healthcare organization.

The HIPAA Privacy Rule has standardized the various laws relating to how providers and payors can use patient data and the patients’ rights to PHI. The Privacy Rule pertains to covered entities only.

The HIPAA Breach Notification Rule contains a set of guidelines that covered entities and business associates should follow in the event of a data breach containing PHI or ePHI.

The HIPAA Omnibus Rule was enacted to apply HIPAA to business associates, in addition to covered entities. The Rule mandates that business associates must be HIPAA compliant. Further, it outlines the rules relating to Business Associate Agreements (BAAs). BAAs are contracts that must be executed between a covered entity and a business associate, or between two business associates, before any PHI or ePHI can be transferred or shared.

Bristol Healthcare Services is a medical billing company that has served healthcare professionals for more than two decades. We are a HIPAA compliant company following all the rules and guidelines stipulated for business associates. Our staff are educated on HIPAA guidelines, and we follow all the protocols for securing the safety of patient data.

While being compliance-oriented, our services are geared towards submitting clean claims and getting you reimbursed quickly. We believe in growing along with our clients.

Partner with us for a mutually rewarding relationship!