DMAS then leveraged its regulatory knowledge in
2001 when asked to participate in a
joint venture specific to the Health Insurance Portability and
Accountability Act (HIPAA) of 1996.
DMAS developed a
comprehensive suite of services and bundled product to facilitate
regulatory compliance in the health care industry.
The HIPAA Privacy Rule
took effect on April 14, 2003. The HIPAA Privacy Rule regulates the disclosure
of information held by "covered entities" (generally, health
care clearinghouses, employer sponsored health plans, health insurers,
and medical service providers that engage in certain transactions). It
establishes regulations for the use and disclosure of Protected Health
Information (PHI). PHI is any information held by a covered entity which
concerns health status, provision of health care, or payment for health
care that can be linked to an individual.
The Final Rule on
Security Standards was issued on February 20, 2003. It took effect on
April 21, 2003 with a compliance date of April 21, 2005 for most covered
entities and April 21, 2006 for “small plans.” The Security Rule
complements the Privacy Rule. While the Privacy Rule pertains to all
Protected Health Information (PHI) including paper and electronic, the
Security Rule deals specifically with Electronic Protected Health
Information (EPHI). It lays out three types of security safeguards
required for compliance: administrative, physical, and technical. For
each of these types, the regulatory rules identify various security standards, and
for each standard, they name both required and addressable implementation
specifications. Required specifications must be adopted and administered
as dictated by the Rule. Addressable specifications are more flexible.