COMPLIANCE GOAL

The HIPAA Act revolves around three sets of standards: complying with HIPAA guidelines by protecting patients' medical privacy; maintaining patient information and billing processes in compliance with national standards; and providing appropriate security for patient records. These principles are the outline for the compliance program. By adhering to these three sets of standards, HIPAA compliance will be achieved.

SCOPE

This manual is provided as an informational tool, a HIPAA checklist, to assist you in becoming compliant with HIPAA, and is designed to help you comply with the requirements of federal programs administered through HHS agencies and offices. These key programs and organizations involved in health information privacy and …
Due in part to the many agencies involved in the regulations that embrace the Privacy and Security Laws. For instance, current legislation is comprised of the original 1996 Healthcare Insurance Portability and Accountability Act (HIPAA), with additional sections added: the Privacy Rule of 2000 and the Security Rule of 2003, which were enacted by Congress to include a series of "administrative simplification" provisions that required the Department of Health and Human Services (HHS) to adopt national standards for electronic health care …
Breaches of information privacy can also result in criminal and civil penalties for both the facility and those individuals who improperly access or disclose sensitive information, as well as disciplinary action for responsible employees.

AUTHORIZATIONS

Covered entities must obtain the individual's written authorization for any use or disclosure of protected health information that is not for treatment, payment or health care operations or otherwise permitted or required by the Privacy Rule. A covered entity may not condition treatment, payment, enrollment, or benefits eligibility on an individual granting an authorization. An authorization must be written in specific terms. It may allow use and disclosure of protected health information by the covered entity seeking the authorization, or by a third party. All authorizations must be in plain language, and contain specific information regarding the information to be disclosed or used, the person(s) disclosing and receiving the information, expiration, right to revoke in writing, and other