Why are new Security and Electronic Signature standards needed?
There were no existing standards that provided comprehensive and
uniform protection of individual health information. HIPAA's new
security standards will permit appropriate access and use of an
individual's health information by health care providers, clearinghouses,
and health plans while providing appropriate safeguards against
misuse and dissemination.
Who must comply?
All healthcare providers, healthcare clearinghouses and health plans
that electronically maintain or transmit health information pertaining
to an individual must comply with the standards.
Additionally, failure to comply with HIPAA could leave hospital
executives, physicians and others facing fines of up to $25,000.
Certain criminal violations could cost individuals and organizations
$250,000 and up to 10 years in jail!
What are the cost implications?
Many experts in the industry estimate that the impact and cost of
HIPAA and the organizational changes required for implementation
will significantly dwarf the expense of preparing for Y2K. Additionally,
unlike one-time Year 2000 preparations, information security will
become an annual IT budgetary cost for training, evaluating, inspecting
and updating security systems and policies.
Does the Security Standard require the use of specific technologies?
No. The Security Standard is "technologically neutral"
in order to facilitate use of the latest and most promising technologies
that meet the needs of different healthcare organizations. While
all organizations will be required to meet the basic requirements,
particular solutions will likely vary based upon organizational
size and complexity.
How will smaller providers be affected?
The proposed security standard does not require extraordinary
measures. It involves taking actions that assure the security
of the information to be protected. The requirements of the standard
may be implemented in a number of ways, depending upon the security
needs and technologies in place at each business.
Is it mandatory to use an electronic signature?
No. At this time, none of the transactions adopted under HIPAA
requires an electronic signature.
Do the Security Standards apply to paper documents?
The most significant change from the proposed regulations is that
they now extend to all individually identifiable health information
in the hands of covered entities, regardless of whether the information
is or has been in electronic form. This includes purely paper
records and oral communications.