On April 14, 2004, new privacy rules go into effect for smaller businesses. Under the new rules, health-related information received in connection with a health benefit plan cannot be used when making employment-related decisions. HIPAA (which stands for the Health Insurance Portability and Accountability Act of 1996) mandates a privacy shield around employees’ personal health information.
What is a violation of HIPAA? The kind of thing that goes on routinely in most small and midsize privately-owned businesses. Have an employee who contracts a serious disease like multiple sclerosis? Expect your HR clerk to tell you, because it is going to jack up your company’s premiums? Think again. That’s a violation of HIPAA.
What small and midsize businesses will need to do is build a “Chinese wall.” Businesses have to isolate health-related information and keep it separate from other employment-related data. This applies to both hard copy data and electronic data. Businesses have an obligation to keep health information secure and protected from prying eyes.
Health information can only be distributed on a need-to-know basis. And the definition of who needs to know is extremely narrow–just the person handling claims, and not 6 or 8 other employees. Even the person’s manager or the business owner(s) shouldn’t be in the loop.
For more information about HIPAA, visit the government’s special HIPAA Web pages designed for small and midsize businesses.
What do these new rules mean? They suggest a boomlet (in some cases already underway) for certain kinds of service providers:
- A whole field of consultants has popped up. We are seeing more experts in this field, designing entire practices around advising businesses about HIPAA compliance. Just do a search on Google or one of the other major search engines for “HIPAA consultant” or even just “HIPAA” and you will see how many service providers have jumped on the HIPAA bandwagon.
- Lawyers who advise small and midsize businesses need to be aware of the new rules so they can proactively advise their clients.
- Software and Web developers will experience increased demand to make electronic information secure, especially as the realization sets in as to how far-reaching HIPAA can be.
- Outsourcing of handling of health insurance claims will continue to grow–either to insurance administrators or PEOs (professional employer organizations) or similar third parties. HR in general has become so complex that many companies find it cheaper and easier to outsource than to build all that specialized expertise internally.
I would like to introduce one website for your website visitors who are interested in knowing more about HIPAA compliance: how small and big businesses are affected, and how they can deal with HIPAA regulations along with other regulations which are important for many small and big businesses, regulations like SOX, OSHA, ISO17799, etc. This website acts as a resource to find more information on many regulatory authorities: http://www.compliancehome.com/topics/HIPAA/
If one needs to have a deep understanding of HIPAA and more information on HIPAA training, and also a HIPAA template suite along with an enterprise contingency plan template suite which any organization, small or big, can use to meet their compliance requirements of Sarbanes Oxley (SOX), FISMA, ISO 17799 or any other regulation/standards requiring business impact analysis, risk assessment, disaster recovery planning (DRP), business continuity plan (BCP) and Testing & Revision of Plan, they can discover it at the training-hipaa.net website by following the links given below:
HIPAA Privacy and Security Certification Training
http://www.training-hipaa.net/certification_training/com_privacy_security.htm
Enterprise Contingency Plan Template Suite
http://www.training-hipaa.net/template_suite/enterprise_contingency_plan_template_suite.htm