HIPAA Compliance

The term HIPAA compliance can mean different things to different people. However, there is little doubt that complying with the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act can be beneficial for all types of organizations, for the people who work for them, and for the individuals served by them. 

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 with the primary objectives of increasing the portability of health insurance between jobs and prohibiting practices that denied or limited access to health care benefits – such as denying coverage or enforcing higher co-pays for individuals with pre-existing conditions.

To prevent the cost of these objectives being passed on to health plan members and employers in the form of increased premiums, Congress introduced measures to tackle fraud in the health insurance industry and instructed the Secretary of Health and Human Services to develop standards for transactions between health plans and healthcare providers to increase efficiency.

Because an increasing number of transactions were being conducted electronically, the Secretary of Health and Human Services was also instructed to develop standards for the security of electronic transactions and to make recommendations for the privacy of health information – specifically with regard to individuals' rights and permissible uses and disclosures of PHI.

These instructions paved the way for the publication of the Security Rule and the Privacy Rule and the requirement for Covered Entities and Business Associates to comply with these Rules. Later amendments to HIPAA via the HITECH Act resulted in a third compliance requirement – the requirement to comply with the Breach Notification Rule.

The Benefits of HIPAA Compliance for Organizations

The benefits of HIPAA compliance for organizations vary according to the nature of each organization's business. For many Covered Entities, HIPAA compliance can mean benefitting from the efficiencies created by the standardization of identifiers, code sets, and the operating rules for transactions such as eligibility checks, claims statuses, and fund transfers.

In addition to the administrative benefits of HIPAA compliance, healthcare organizations have also benefitted from the amendments to HIPAA introduced via the HITECH Act. These enabled the Meaningful Use program – which incentivized the use of health IT technology and led to the more efficient delivery of health care and a reduction in medical errors.

Business Associates can also benefit by demonstrating compliance with HIPAA when Covered Entities conduct due diligence on their operations. Given a choice between two organizations – one that is HIPAA compliant and one that isn't – a Covered Entity has no option but to engage the services of the organization that will ensure PHI remains secure.

The Benefits of Compliance for Healthcare Workers

The benefits of HIPAA compliance for healthcare workers are closely aligned to the patient experience. When patients are confident their private healthcare information will remain private, research shows patients are more willing to share information with healthcare workers. This enables healthcare workers to make better treatment decisions, which can result in better patient outcomes.

While this could be considered as a benefit of HIPAA compliance for patients, better patient outcomes typically raise workforce morale, which – for individual healthcare workers – results in a more rewarding work experience. Indirectly, this implies that the benefits of HIPAA compliance for healthcare workers can be greater satisfaction and motivation.

Additionally, HIPAA-trained healthcare workers have knowledge they can take to any place of work. While a knowledge of compliance may not be a requirement for a better paid job, it can be a determining factor for a prospective employer when multiple candidates with similar professional skills apply for the same position.

The Benefits of Complying with HIPAA for Individuals

One of the benefits of HIPAA compliance for individuals has already been mentioned inasmuch as being more trusting that health information will remain private encourages patients to be more forthcoming about healthcare issues and this can result in better outcomes. The same could apply to plan members being more forthcoming and benefiting from more appropriate health insurance.

However, in addition to trusting that their health information is secure, it is important for individuals to trust that, if their health information is hacked or disclosed impermissibly, they will be informed about the incident as quickly as possible. The speed of a breach notification and the content of the notification can help individuals take steps to protect themselves from fraud, theft, and loss.

This is quite an important part of HIPAA compliance that can help regain trust after a data breach or impermissible disclosure. It is also important for Covered Entities and Business Associates to be aware that training on Breach Notification Rule policies and procedures must be provided under the training standard in §164.530 of the Privacy Rule's Administrative Requirements.

The Importance of Effective HIPAA Compliance Training

The training standards in HIPAA (in §164.530 and §164.308) can leave gaps in HIPAA knowledge and compliance. This can be due to risk assessments failing to identify avoidable risks, analyses of assessments being misinterpreted when policies and procedures are being compiled, or the failure to provide effective training on the policies and procedures in the context of HIPAA.

The benefits of effective HIPAA compliance training are clearly worth pursuing. If you are a member of a Covered Entity's or Business Associate's workforce with responsibility for HIPAA compliance, and you could benefit from help with developing your organization's HIPAA training curriculum, you are advised to speak with a compliance professional.