HIPAA – Health Insurance Portability and Accountability Act

Overview

The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the US Congress in 1996.

HIPAA's administrative simplification provisions call for standard handling and exchange of electronic patient health, administrative and financial data. They require unique health identifiers for individuals, employers, health plans and health care providers. HIPAA mandates that any organization that deals with electronic patient health care information protect the security and confidentiality of that data.

Who is affected by this law?

Organizations that provide any service involving patients or data about patients must abide by this law, including but not limited to hospitals, health care facilities, physicians, health plans, health care billing services, pharmacies, laboratories and donor banks.

What are the HIPAA requirements as they relate to email?

The HIPAA Security Rule requires that controls and safeguards be established to:

1. Ensure the confidentiality, integrity, and availability of electronic protected health information.

2. Detect and prevent reasonably anticipated errors and threats arising from malicious or criminal actions, system failure, natural disasters, and workforce (user) error. Such events could result in damage to or loss of information, corruption or loss of data integrity, interruption of business activities, or compromise of the privacy of patients, employees, and their records.

3. Treat electronic transmissions as being just as important as paper transactions with similar content; they therefore need to be preserved.

Under HIPAA, whenever protected health information is transmitted through email, health care providers and plans, and their partners and vendors, must comply with the requirements to keep that information confidential and secure.

In addition, the archiving and retention of emails containing protected health information is also covered under HIPAA. These regulations apply to all companies that deal with health care information, such as hospitals, physicians, pharmacists, nurses, clinics, insurance companies, and medical billing agencies. Failure to demonstrate compliance with these regulations can result in severe consequences ranging from litigation to penalties.

A compliant email archiving system needs to have a hierarchical, role-based permissions system in place to ensure that only authorized users can access all or portions of the archive. The storage containers themselves need to be kept in a secure facility with limited access. The archive needs to be able to search all e-data stored and yield results quickly. Finally, the system needs to have an auditing system that tracks all accesses and notifies the Privacy Officer if unauthorized or irregular access occurs.
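As an added illustration (not code from the original page), a minimal access gateway for such an archive: hierarchical role-based rights, an audit record for every access attempt whether allowed or denied, and a Privacy Officer notification on unauthorized access or on irregular high-volume reading. The role names, archive sections, users and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed role hierarchy: a role inherits every right of its parent role.
ROLE_PARENT = {"privacy_officer": None, "records_clerk": None, "auditor": "records_clerk"}
# Constructed archive sections each role may read directly (plus inherited rights).
ROLE_RIGHTS = {
    "privacy_officer": {"phi", "billing", "audit_log"},
    "records_clerk": {"billing"},
    "auditor": {"audit_log"},
}
IRREGULAR_WINDOW = 300  # seconds; assumed detection window for "irregular" access
IRREGULAR_LIMIT = 20    # more than this many allowed reads in the window is irregular


def effective_rights(role):
    """Walk up the role hierarchy and union the rights of every ancestor."""
    rights = set()
    while role is not None:
        rights |= ROLE_RIGHTS.get(role, set())
        role = ROLE_PARENT.get(role)
    return rights


class ArchiveGateway:
    def __init__(self):
        self.audit_log = []               # every attempt, allowed or denied
        self.notifications = []           # messages the Privacy Officer would receive
        self.recent = defaultdict(deque)  # user -> timestamps of recent allowed reads

    def access(self, user, role, section, when):
        """Return True if the read is permitted; always audit, alert on misuse."""
        allowed = section in effective_rights(role)
        self.audit_log.append({"when": when, "user": user, "role": role,
                               "section": section, "allowed": allowed})
        if not allowed:
            self.notifications.append(f"UNAUTHORIZED: {user} ({role}) -> {section} at {when}")
            return False
        window = self.recent[user]
        window.append(when)
        while window and when - window[0] > IRREGULAR_WINDOW:  # drop stale entries
            window.popleft()
        if len(window) > IRREGULAR_LIMIT:
            self.notifications.append(
                f"IRREGULAR: {user} read {len(window)} records within {IRREGULAR_WINDOW}s")
        return True
```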
