1. Standardization of electronic patient health, administrative and financial data (Basically, implementing a national standard – or one format – for PHI documents and codes within the documents, to simplify and improve transaction efficiency)
2. Unique health identifiers for individuals, employers, health plans and health care providers
3. Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.
While the first two requirements appear fairly easy to understand and implement, the third requires more details. In fact, it’s been divided into two "steps" that give those affected myriad guidelines that build off each other.
1. The Privacy Rule, which required compliance for most organizations by April 14, 2003, requires affected organizations to guard against misuse of personally identifiable health information and to limit the sharing of such information, whether or not the information is in electronic form. The Privacy Rule also grants consumers significant rights regarding the use and disclosure of their health information, including letting them determine who can have access to it. It also establishes business associate agreements that govern how business associates (such as information technology vendors) can access and disclose PHI.
2. The Security Rule, which required compliance by April 21, 2005, requires affected organizations to implement basic safeguards to protect electronic PHI from unauthorized access, alteration, deletion, and transmission. The security standards define the administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic PHI. Required safeguards include application of appropriate policies and procedures, safeguarding physical access to electronic PHI, and ensuring that technical security measures are in place to protect networks, computers and other electronic devices. The administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic PHI include such significant requirements as:
- Assigning a unique name and/or number for identifying and tracking user identity
- Implementing a mechanism to encrypt and decrypt electronic protected health information
- Implementing hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic PHI
- Implementing policies and procedures to protect electronic PHI from improper alteration or destruction
- Ensuring authentication, access controls and access monitoring, in part by requiring proper use of user IDs and passwords, so that any user claiming access to a system is who he/she claims to be.