HIPAA Security Rule
Sue
64 Posts
We are a small manufacturer and I need to research what I have to do to comply with the April 20 deadline on the HIPAA Security Rules. When we put our HIPAA Privacy Practices in place over a year ago, it only affected our flexible benefits plan.
Does anyone have some quick and easy answers on this? Help!
Comments
Group health plans that create or use personal health information (PHI) in electronic form may be considered covered entities that must comply with HIPAA’s security rule. Electronic forms include information stored on computers’ hard drives or sent on the Internet, for example. The security rule says how electronic PHI must be protected while in the control of a covered entity.
If your health plans are fully insured and you receive no PHI from your carriers, you probably won't have a significant compliance burden under the security rule.
If you are covered, you generally must designate a security official (similar to how you designated a privacy official under the privacy rule), implement security standards for electronic PHI, develop written policies and procedures, train employees with access to electronic PHI, amend plan documents, and revise business agreements.
You also can call in to M. Lee Smith Publishers’ upcoming 90-minute audio conference on this very topic, titled “Meeting HIPAA’s April 20 Compliance Deadline for Small Plans,” and scheduled for this coming Monday, March 27, starting at 10 a.m. CST. More information on the audio conference is found at the hrhero.com website; just click on audio conferences on the left of your screen. And, of course, check with your company’s attorneys for legal advice.
Kathy Carlson
Group Publisher, Benefits and Workers Comp
M. Lee Smith Publishers