Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act is US federal legislation covering patient confidentiality. Organizations that must adhere to HIPAA regulations include insurance companies, healthcare providers, HMOs, pharmaceutical manufacturers, pharmacies and any other organization that handles or stores patient medical records. HIPAA went into effect on 12/20/00 and large organizations had to comply with HIPAA regulations by 11/15/04.
HIPAA requires, among other things, that:
- Healthcare organizations must have in place appropriate safeguards to protect the privacy of personal healthcare information.
- Organizations must document their policies and procedures for the use and disclosure of such information, including monitoring and mitigation.
- Organizations that are aware of wrongful activity and fail to enforce confidentiality policies may be held responsible for violations.
This means that policies controlling access to patient information in applications, databases and data warehouses must be strictly enforced and that an audit trail of who has accessed the patient information must be maintained.
Source: Health Information Management Association