Chapter 5: Compliance and Enforcement


The Department of Health and Human Services (HHS) issued an interim rule, 'Subpart E-Civil Money Penalties: Procedures for Investigations, Imposition of Penalties, and Hearings' [1], on April 15, 2003. This rule amends 45 CFR subtitle A, subchapter C, part 160 and provides guidelines indicating how HIPAA will be enforced. This interim rule is not a HIPAA standard, so the Department of Health and Human Services is not required to follow the same process in developing it as was followed in the development of the HIPAA standards.

The interim rule is effective 30 days following its publication in the Federal Register. Reviewers have 60 days from the time the interim rule is published in the Federal Register to make their comments. The interim rule expires 16 months and 30 days after being published. The HHS expects to have the complete enforcement rule developed at that time.

5.1 COVERED ENTITY'S OBLIGATIONS UNDER HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is Public Law 104-191. Section 1173(d) of this law states that covered entities, their officers, and employees that maintain or transmit health information are required to:

  • 'maintain reasonable and appropriate administrative, physical, and technical safeguards'

  • 'ensure the integrity and confidentiality of the information'

  • 'protect against any reasonably anticipated threats or hazards to the security or integrity of the information'

  • 'unauthorized use or disclosure of the information' [2]

Freshman law students immediately learn that 'reasonable' means whatever is decided by the courts. Covered entities must be prepared to re-evaluate their HIPAA implementation plans on a continuous basis and document any changes to these plans, to demonstrate that industry security standards, technological advances, and judiciary findings regarding privacy rights are incorporated into their organization's processes and precautions to protect and secure individually identifiable health information. The rule 'Document, Document, Document' is a covered entity's best protection for demonstrating the 'reasonable and appropriate' steps taken to meet the HIPAA law.

[1] http://www.hhs.gov/ocr/moneypenalties.html

[2] http://www.cms.hhs.gov/hipaa/hipaa2/regulations/security/default.asp




HIPAA Security Implementation, Version 1.0
ISBN: 974372722
Year: 2003
Pages: 181
