The Documentation-Coding Connection: Compliance with security rule to require vigilance
Compliance with security rule to require vigilance
A looming deadline for the health care industry to comply with privacy regulations gains more significance with release of an additional 45 pages of regulations that include yet another compliance date.
The U.S. Department of Health and Human Services (HHS) has issued the finalized security standards for the Health Insurance Portability and Accountability Act (HIPAA) in the Federal Register. The security guidelines are intended to safeguard protected health information (PHI) maintained or transmitted in electronic form.
The security guidelines have a compliance date of April 21, 2005 — following the mandated 60-day comment period after being published in the Federal Register and a 24-month review under HIPAA’s own statutes. The rules are being published nearly five years past an original deadline of Feb. 28, 1998.
"Overall, these national standards required under HIPAA will make it easier and less costly for the health care industry to process health claims and handle other transactions while assuring patients that their information will remain secure and confidential," said HHS Secretary Tommy Thompson. "The security standards in particular will help safeguard confidential health information as the industry increasingly relies on computers for processing health care transactions."
"We took great care to address every detail and produce a rule that health care providers will find easy to understand and implement," said Centers for Medicare & Medicaid Services administrator Tom Scully.
Redundancies eliminated
The new security rules fulfill an HHS promise to mesh the security rules and the privacy rules, according to an analysis issued by Washington, DC-based law firm Davis Wright Tremaine. "The new rules discard much of the proposed security rules" terminology in favor of definitions in common with the privacy rules, the firm said.
A number of redundancies and overlaps have been eliminated from the proposed rules and "streamlines" the security rules in comparison to what was proposed, the report concludes.
The rules are more generic in guidance rather than a list of detailed requirements, the firm said. "This means that the new rules are less a series of checklists and more a description of principles for each covered entity and business associate to evaluate and apply, based on the entity’s specific situation," according to its report.
A looming deadline for the health care industry to comply with privacy regulations gains more significance with release of an additional 45 pages of regulations that include yet another compliance date.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.