What is HIPAA for Healthcare?

Title I: HIPAA Health Insurance Reform

This aims to preserve coverage of health insurance for those who have switched or lost their jobs. It limits group health plans from denying to cover people who have pre-existing illnesses or conditions and prevents them from establishing limits for life coverage.

Title II: HIPAA Administrative Simplification

This points to lead the United States Department Of Human Services and Health to regulate the processing of electronic healthcare transactions globally. It needs the systems to achieve a safe electronic introduction to the patients' health information, dwelling in agreement with the privacy laws which were established by the HHS.

Title III: HIPAA Tax-Related Health Provisions

This is linked to tax-related provisions, as well as common medical care guidelines.

Title IV: Application and Implementation of Group Health Plan Requirements

This represents a further improvement in health insurance, including plans for those who have pre-existing illnesses or diseases, and somebody who is requesting sustained coverage.

Title V: Revenue Offsets

This includes terms connected with company-owned insurance and the medical care of those who are lacking their citizenship for income tax reasons.

Administrative Safeguards

This includes policies and procedures intended to simply show how the entity will comply with the act of:

• Covered entities (entities that are under HIPAA) must use a written set of privacy plans and assign a privacy officer to be answerable for promoting and implementing all needed policies and methods.
• Plans should recognize employees or classes of employees who have access to electronically protected health information (EPHI). Access to EPHI must be limited to only those employees who require it to complete their job role.
• Authorization, establishment, modification, and termination must be addressed by the procedure.
• Entities must show that a proper ongoing training program concerning the treatment of PHI is given to employees working health plan administrative functions.
• The instructions for addressing and responding to security breaches that are recognized both while the audit or the normal course of operations should be documented in the procedure.

Physical Safeguards

• Managing physical access to guard against improper access to protected data
• Monitored and controlled access to the equipment having health information.
• Only authorized persons must be allowed to access hardware and software.
• Workstations should not be in a high traffic area and monitor screen should be removed from the direct view of the public. Rules are needed to address the correct use of the workstation.
• If the covered entities employ contractors or agents, they too must be fully prepared on their physical access duties.

Technical Safeguards

• Regulating access to computer systems and allowing covered entities to protect communications holding PHI transmitted electronically across open networks from being blocked by anyone other than the designated person.
• Information systems covering PHI must be guarded against intrusion. When data flows across open networks, some form of encryption must be used. If closed systems/networks are used, current access controls are supposed adequate and encryption is optional.
• Every covered entity is responsible for assuring that the data within its systems has not been modified or deleted in an unauthorized way.
• Checksum, double-keying, message authentication, and digital signature must be used to assure data integrity.
• Information technology documents must include a written record of all configuration settings of all parts of the network as these parts are complicated, configurable and keep changing.