HIPAA Law

Thursday, January 31, 2008

HIPAA Compliance In A Technical World

The way people do business today relies more and more on internet connections and "virtual" phone lines. This presents a problem for those in the medical industry and those required by the Department of Health and Human Services to follow the guidelines of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Companies that deal with Personal Health Information (PHI) want to make sure that they are able to keep up with technology, and all the convenience and efficiency it has to offer, while at the same time ensuring that the technology does not put their clients' confidential information at risk. One such technology in which those in the medical industry are finding numerous benefits is virtual fax.

The benefits of virtual fax can be summed up in one word: efficiency. With a virtual fax there is no longer any need to go back and forth to the fax machine for sending or receiving faxes. All faxes can arrive in an email address or internet control panel, and faxes can be sent right from the desktop as well. Since the faxes are digital, it is possible to eliminate the paper trail and keep a digital file of all important correspondence. Another added benefit is the ability to rid the office of the bulky fax machine and all of the maintenance and upkeep that goes along with it. While it is easy to see how any office can benefit from the use of virtual fax, it may not be as obvious how they can do so and still stay HIPAA compliant.

There are four categories of security requirements under HIPAA, and it is the consumer's responsibility, according to the HIPAA regulations, to examine the technology employed by a virtual fax provider and determine how to use it in a compliant manner. Here are some things to look for in a virtual fax provider that help medical providers maintain compliance.

1. Administrative Procedures - A virtual fax provider should have documented, formal practices to protect data and limit access to files. Most virtual fax providers will have policies that allow access to fax messages for the purpose of maintenance, customer service, repair, and backup, or in response to legal inquiries or warrants from courts or government agencies that legally force the disclosure of the messages or documents.

2. Physical Safeguards - A virtual fax provider should be able to protect data from fire, other natural and environmental hazards, and intrusion. A provider should have measures in place that include an industry standard fire safety system, off-site backups, and industry standard security systems to protect Personal Health Information from physical vulnerabilities.

3. Technical Security Services - A virtual fax provider should have measures in place to protect information and control individual access to information. There are usually three ways to access documents in a virtual fax system, and each one should have its own independent security measures.

* Access to a virtual fax system by phone should be restricted with PIN access.
* Email delivery of virtual fax messages should be sent using encryption technology. An added security feature is the ability to have the email delivery of fax documents configured for a ZIP format with password/encryption.
* Virtual fax access over the internet should also be PIN protected as well as secured by industry standard protocols and encryption algorithms. An added security feature would be that the internet portal's identity be verified by an SSL certificate.

4. Technical Security Mechanisms - A virtual fax provider should be able to guard against unauthorized access or loss of data over the communications network. Data storage systems should implement industry standard fault tolerant measures to prevent data loss due to storage media failure. Databases and storage systems should be protected by battery backup technology to protect against potential data loss due to power failures. In addition, servers should use an operating system with security measures comparable to FreeBSD UNIX to prevent unauthorized access and compromise of data security.

For a medical provider in a technical world it can be difficult to keep up with all the current technology and still be sure to follow all the guidelines they are subject to. While ultimately it is the consumer's responsibility to determine whether or not a virtual fax provider allows them to maintain HIPAA compliance, many providers already have security measures in place that can help them stay within the guidelines they are subject to.
Brandi Cummings, an expert in the field of virtual telecommunications, recommends checking out http://www.Fax800.com, a leading provider of internet fax technology for small businesses.


Tuesday, January 29, 2008

HIPAA Made Easy

HIPAA made easy

In 1996, a major legislative act was passed affecting health care administration, called the Health Insurance Portability & Accountability Act, or HIPAA. Whenever the legislature writes new laws it's up to the rest of society to understand the legal jargon and find out what the new law is all about. That's the aim of this article: to help simplify and state the main concepts of HIPAA.

There are two main parts to HIPAA that need to be understood.

* The first part of HIPAA amended the Internal Revenue Service Code of 1986.
* The second part is directed at streamlining and standardizing some of the administrative aspects of health care administration and information systems.

The second role of HIPAA is what will be focused on and discussed here, as this is the part which mostly affects health care providers. Again, the purpose of HIPAA was to simplify health care administration. There are deadlines for compliance; HIPAA does provide penalties and legal action for noncompliance. There are four parts to HIPAA:

* Standards for Electronic Transactions
* Unique Identifiers Standards
* Security Rule
* Privacy Rule

Before HIPAA there really wasn't much standardization among health care providers regarding filing claims and identification. This created a lot of problems, headaches and extra work. HIPAA aims at saving time and making the process more efficient. It affects how health care providers file and process claims and conduct other business electronically. HIPAA also makes provisions for how health care providers are identified. There was no standardized way of identifying health care providers in: (1) being identified to Medicare and other government health organizations and (2) being identified to other health care providers. The security and privacy rules were created to ensure secure transmission of electronic data and to protect individuals' personal medical information.

Many health care providers use electronic means for filing, billing and claim work. Until now there have been no adopted standards for this, with each individual provider using whichever forms it likes. This led to complications in filing claims with Medicare and in transferring information from provider to provider. HIPAA has changed that, though, by making electronic filing forms standardized. When filing electronic claims or when sending an electronic medical record, providers will now be using the same forms. Medicare will require that all providers use the same form when filing an electronic claim with them. Providers who do not file or process claims electronically will not be affected by HIPAA. Also, a standardized set of codes must be used on records in relation to physical conditions, diseases, health, etc. Most providers and institutions already use this practice. There will be enforcement of compliance; HIPAA has set deadlines for when providers must be using the approved forms.

Also new with HIPAA is how providers will be identified. Health care providers, doctors, hospitals and health plans are required to have a unique identifier, and currently they are using either tax ID numbers or employer identification numbers.

The security and privacy rules contain provisions to ensure that people's personal records and information will be protected and kept confidential. As with all other privacy laws there will be penalties for non-compliance; HIPAA provides for fines up to $250,000 and possible jail time for severe enough violations. But don't be worried about too many places avoiding compliance; HIPAA was created to make the massive process of health care administration easier.

Rick Lorenzen writes for 10x Marketing. To learn more about HIPAA compliance, electronic claim software and electronic medical record software visit www.AdvancedMD.com.


Monday, January 28, 2008

HIPAA Software

The future of your medical practice could greatly depend on how well you comply with HIPAA. As there are complex procedures, and you have to keep a record of various steps apart from ensuring the security of the information you have access to, most employers and medical professionals prefer to use HIPAA software.

The software is available online as well as offline, which helps the people concerned with implementing this law. In fact, this software can make the difference between success and failure, for a large number of medical professionals. The HIPAA software helps in removing inefficiency, which causes trouble for many health service providers.

If you plan to run a medical office without sapping too much of your time in dealing with administrative and data management problems, then HIPAA software can be of great help. It provides help in managing almost every aspect of a medical office, such as billing, scheduling, processing of claims, auditing, recording and reserving medical information. It reduces costs as well as the margin of error in managing health care services, and helps in improving the overall productivity of the staff.

Good HIPAA software should ensure that you are complying with all the HIPAA rules and regulations. You must not forget to get your software updated as new rules and regulations are incorporated. A list of such software programs is available on several websites. You can purchase them online. A number of software companies sell HIPAA software.

Do check the performance on trial basis before you pay the full price, as not all software would fulfill your requirement. The choice of software also depends on the type and size of your organization, as well as volume of data that has to be loaded and processed by this software.

HIPAA provides detailed information on HIPAA, HIPAA Compliance, HIPAA Laws, HIPAA Software and more. HIPAA is affiliated with Electronic Medical Record Systems.


Thursday, January 24, 2008

HIPAA Laws

HIPAA laws can be found online. But as they are not so simple to understand, you might like to go for one of those packages where you get a HIPAA Regulatory Manual along with a CD-ROM. Periodically, new rules are introduced under HIPAA. So one must buy the latest updated versions of such manuals and CD-ROMs.

The HIPAA laws specifically mention the procedures for getting permission from patients before disclosing their private health care information. There are separate legal rules for providing patients access to their health information. All of these legal provisions may have an impact on your trading partners, also. As a result, you might have to review your contracts.

There are several expert law firms which deal with HIPAA laws. These firms could help you in deciding whether your case falls under HIPAA laws or not. And if it does, then you can learn what you have to do to comply with them.

Remember that there are stringent penalties for violating HIPAA laws, and you might overlook one of the provisions unintentionally. There are several training centers which provide updated information about any law related to HIPAA. Many of them provide tips about how to follow these laws. There are a number of online resources where you can get not only general information on this subject, but have specific queries answered.

There is also software to help ensure that you, as an employer, are following all the legal provisions made under HIPAA. This software monitors the data management processes of your organization and points out errors, which can be rectified on the spot.

HIPAA provides detailed information on HIPAA, HIPAA Compliance, HIPAA Laws, HIPAA Software and more. HIPAA is affiliated with Electronic Medical Record Systems.


HIPAA Compliance

All entities that process health care data must comply with HIPAA. Such entities mainly include healthcare providers and insurance companies. According to the provisions made under this Act, any entity that transmits or stores the private health care information of an individual must comply with certain security regulations.

To ensure smooth compliance with HIPAA, the Department of Health and Human Services (HHS) has the authority to decide which particular codes should be used to identify administrative and medical expenses. This department, as a part of the compliance strategy, can create a safe identification system for clients, insurance carriers and health-care providers. This ID system is a national system.

HHS also has the authority to implement any other procedure necessary to secure private or personal information. Various organizations comply with HIPAA within certain prescribed time limits. Some of them are given 24 months, and those going for small plans can have around 36 months.

Any employer acting as a health care provider must comply with standards set up by HIPAA. There are penalties for non-compliance with HIPAA standards. The rules and regulations for the various procedures set up under HIPAA may not be that easy for an individual to understand. There are several organizations which can help you to comply with HIPAA standards. The help is available online as well as offline. A number of training courses are available for doctors, nurses and anyone else who is interested in learning easy and simple compliance procedures related to HIPAA. These training courses and programs are useful, especially for administrators, physicians and practice managers. Such programs are available online also. A certificate is provided after you complete the program.

HIPAA provides detailed information on HIPAA, HIPAA Compliance, HIPAA Laws, HIPAA Software and more. HIPAA is affiliated with Electronic Medical Record Systems.


Wednesday, January 23, 2008

HIPAA legislation guide

The Health Insurance Portability and Accountability Act, or HIPAA, which was enacted by the US Congress in 1996, has introduced sweeping changes in health care administration and information systems. HIPAA is a federal law that amended the Internal Revenue Code of 1986 and is intended to improve portability and continuity of health insurance; combat waste, fraud and abuse in health insurance and health care delivery; promote the use of medical savings accounts and improve access to long-term health care services and coverage; and simplify the administration of health insurance.

HIPAA is designed to standardize the way all health care organizations electronically exchange sensitive patient data and to protect patients from unauthorized disclosure of their medical records (whether paper or electronic). Under HIPAA, there are specific standards that all health care organizations are required to adhere to. These standards include an Administrative Simplification Title that is aimed at preventing health care fraud and abuse. Within this title, there are several laws and proposed standards including Electronic Health Transactions Standards, Privacy & Confidentiality Standards, Unique Health Identifiers, and Security & Electronic Signature Standards.

These HIPAA laws and standards directly apply to the following groups of health care entities: health plans, public and private payers, health care insurers, HMOs, Medicare, Medicaid, group health plans, health care clearinghouses, any entity that facilitates the processing of non-standard formatted health information and must convert the non-standard data into standard transactions, or vice versa, Health Care Providers, providers who transmit health information electronically, providers who receive individual health information, and providers who electronically maintain health information used in electronic transmissions between entities.

Non-compliance with HIPAA regulations may cause disruptions in an organization's day-to-day business processes, resulting in both tangible and intangible costs. The most serious implications of HIPAA non-compliance for health care organizations include the inability to effectively conduct electronic business and the potential of losing significant segments of business. The government also imposes some sanctions on those who fail to comply with the regulations of HIPAA. The penalty for failure to comply with regulations goes up to $100 per violation per person up to a maximum of $25,000 per year. Penalty for knowingly and wrongfully disclosing individually identifiable health information is up to $50,000 per violation or one year imprisonment or both for simple offense; up to $100,000 per violation or five years imprisonment or both if the offense is "under false pretenses"; and up to $250,000 or ten years imprisonment or both if committed with intent to sell, transfer or use for commercial advantage, personal gain or malicious harm.

Thus, the ultimate objective of HIPAA is to increase the efficiency and effectiveness of health information systems through improvements in electronic health care transactions as well as to maintain the security and privacy of individually identifiable health information. It helps to promote the modernization of health information systems. Becoming HIPAA-compliant is a challenging task because of extensive cross-departmental compliance and training requirements but it is an ongoing administration, privacy and security challenge that must be constantly addressed.

Mansi Gupta recommends that you visit HIPAA legislation for more information.


Saturday, January 19, 2008

HIPAA and privacy guide 101

HIPAA has led to sweeping changes in health care administration and information systems as health care organizations struggle to achieve cost-effective compliance by 2003. The US Congress enacted the Health Insurance Portability and Accountability Act, or HIPAA, in 1996. The act covered a wide array of issues surrounding the health insurance industry, but in particular it required administrative simplification, which addressed the issue of security and privacy of health information.

HIPAA is designed to standardize the way all health care organizations electronically exchange sensitive patient data and to protect patients from unauthorized disclosure of their medical records (whether paper or electronic). HIPAA outlined standards to improve the nation's health care system by incorporating electronic data exchange between health care providers. The idea, of course, was to allow various health providers to access the records of a particular patient. So, when a patient visits a new hospital, the covering doctor can access that patient's past record and in so doing provide him with better care. However, as one could envisage, this raised a great number of apprehensions with respect to the privacy and confidentiality of people's medical records. So the legislature created a fundamental list of rules and regulations with which health care providers must comply. And the creation of these rules and regulations gave birth to the industry that is called HIPAA Compliance.

To ensure HIPAA compliance, there are certain key provisions which need to be followed. For instance, individuals should be able to access their records and request correction of errors. Also, they should be informed about how their personal information will be used. The term 'protected health information' (PHI) indicates that the information cannot be used for marketing purposes without the clear consent of the patients in question. People should be able to ask their covered entities (which maintain PHI about them) to ensure that their communications with the patient are confidential. It should be possible for people to file formal privacy-related complaints with the Department of Health and Human Services (HHS) Office for Civil Rights. Covered entities should document their privacy procedures; however, they have discretion on what to include in their privacy procedure. They are required to designate a privacy officer and train their employees. Covered entities can use an individual's information without the individual's consent if the purpose is to provide treatment, obtain payment for services, or perform the non-treatment operational tasks of the provider's business. Some of the agencies, government bodies and individuals who can access the medical records of a person under HIPAA compliance rules are insurance companies, employers, courts, hospitals, or individual physicians. This is also considered a downside of the HIPAA Privacy Rule, because sponsors of a research study, makers of drugs for the particular study, and the researchers involved in the study are included in this list.

However, the ultimate objective of HIPAA is to increase the efficiency and effectiveness of health information systems through improvements in electronic health care transactions as well as to maintain the security and privacy of individually identifiable health information.

Mansi Gupta recommends that you visit HIPAA and privacy for more information.


Friday, January 18, 2008

HIPAA: Requirements For Intranet Collaboration Software

Sharing private health information over the internet can be a risky business. Unfortunately, as people become accustomed to doing most, if not all, of their personal business online, the demand for accessing this information online will grow to the point that health care providers will have no choice but to either provide access to this private health information or lose their customers.

The Health Insurance Portability and Accountability Act (HIPAA) was enacted to assure the confidentiality of patient information. This requires that health care providers employ stringent measures to assure that information shared on the internet is protected from unauthorized access.

HIPAA requires health-providing entities to:

* Assign responsibility for security to a person or organization.

* Assess security risks and determine the major threats to the security and privacy of protected health information.

* Establish a program to address physical security, personnel security, technical security controls, and security incident response and disaster recovery.

* Certify the effectiveness of security controls.

* Develop policies, procedures and guidelines for use of personal computing devices (workstations, laptops, hand-held devices), and for ensuring mechanisms are in place that allow, restrict and terminate access (access control lists, user accounts, etc.) appropriate to an individual's status, change of status or termination.

* Implement access controls that may include encryption, context-based access, role-based access, or user-based access; audit control mechanisms; data authentication; and entity authentication.

This law has serious implications for organizations that allow unauthorized access resulting in a breach in confidentiality.

Security is the key

Since the HIPAA law provides for both civil and criminal penalties for violations, data and access security is of the utmost importance. To assure HIPAA compliance, online document management on company intranets and extranets must include a number of security features:

* Secure web server - a server running Secure Sockets Layer (SSL) is the minimum needed.

* Encrypted database - all data must be encrypted. Software is available that will encrypt all data sent between two computers over the internet.

* Secure access control -- in addition to a traditional user id and password, it may be a good idea to use a strong password or smart card as additional security.

* Session timeout - this assures that confidential data is not left on an unattended screen.

* Server monitoring - the secure web server needs to be strictly monitored to detect break-in attempts.

* Regular security audits - regular audits are required to make sure all security precautions are working properly.

* Personnel - system maintenance should be in the hands of qualified personnel familiar with HIPAA requirements.

Laura Schweiker writes extensively on the use of technology by businesspeople and is an evangelist for online collaboration and intranet solutions.


Use of intranets / extranets for HIPAA compliance

Collaboration among healthcare professionals, particularly in circumstances that require the sharing of confidential patient information, requires an intranet or extranet that offers enhanced security features.

The Health Insurance Portability and Accountability Act (HIPAA) has three major requirements:

* Protect the privacy of individual health information
* Provide the necessary security to protect the privacy of individual health information
* Provide standardization of electronic data interchange in health care transactions

Addressing this need, intranets and extranets are now available that meet these security requirements. As you consider the implementation of an intranet or extranet, look for the following security features:

* Secure web server with 128-bit SSL encryption
* Server monitoring
* Secure IDs and passwords
* Defined authority levels
* Viewing permission controls
* Session time out after 30 minutes
* The ability to disable user-specific cookies
* The ability of users to change their own password
* The ability to create strong passwords
* Complete, un-editable activity log for security audits
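Two of the features in that checklist, the 30-minute session timeout and the un-editable activity log, are easy to state but worth seeing in code. The following Python sketch is an added example, not code from the original post or from any intranet product it mentions. It expires any session idle for more than 30 minutes, and it makes the activity log tamper-evident by chaining each record to the SHA-256 hash of the previous one, so that editing or deleting an earlier entry is detected when the chain is verified. All class and function names, the in-memory storage, and the fake clock used to drive the demonstration are assumptions made for the example.

```python
"""Idle-session timeout and hash-chained activity log (added example).

Assumptions: sessions live in memory, the log is a Python list, and time is
supplied by an injectable clock so the 30-minute limit can be exercised
without waiting. None of this is the original post's code.
"""
import hashlib
import json
import time

SESSION_TIMEOUT_SECONDS = 30 * 60  # the 30-minute idle limit from the checklist


class SessionStore:
    """Tracks last-activity time per session id and expires idle sessions."""

    def __init__(self, timeout=SESSION_TIMEOUT_SECONDS, clock=time.time):
        self.timeout = timeout
        self.clock = clock            # injectable clock (assumption, for testing)
        self._sessions = {}           # session_id -> (user, last_seen)

    def login(self, session_id, user):
        self._sessions[session_id] = (user, self.clock())

    def touch(self, session_id):
        """Return the user if the session is live, else None (and drop it)."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        user, last_seen = entry
        now = self.clock()
        if now - last_seen > self.timeout:
            del self._sessions[session_id]   # idle too long: force re-authentication
            return None
        self._sessions[session_id] = (user, now)   # activity resets the idle timer
        return user


class ActivityLog:
    """Append-only log where each record carries the hash of the previous one,
    so editing or deleting an earlier record breaks every later hash."""

    GENESIS = "0" * 64   # previous-hash value for the very first record

    def __init__(self, clock=time.time):
        self.clock = clock
        self.records = []

    @staticmethod
    def _digest(body):
        # Canonical JSON so the same record always hashes the same way.
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, user, action, record_id):
        prev_hash = self.records[-1]["hash"] if self.records else self.GENESIS
        body = {"ts": self.clock(), "user": user, "action": action,
                "record": record_id, "prev": prev_hash}
        body["hash"] = self._digest(body)
        self.records.append(body)
        return body["hash"]

    def verify(self):
        """Recompute the chain; return the index of the first bad record, or -1."""
        prev_hash = self.GENESIS
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body.get("prev") != prev_hash or self._digest(body) != rec["hash"]:
                return i
            prev_hash = rec["hash"]
        return -1


class FakeClock:
    """Constructed clock so the timeout can be exercised without waiting."""

    def __init__(self, start=1_200_000_000.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    """Walk through both controls; returns (still_live, expired, clean, tampered)."""
    clock = FakeClock()
    sessions = SessionStore(clock=clock)
    log = ActivityLog(clock=clock)
    sessions.login("s1", "dr_jones")                   # constructed sample user
    log.append("dr_jones", "view", "patient-42")       # constructed sample record id
    clock.advance(29 * 60)
    still_live = sessions.touch("s1") is not None      # 29 min idle: still live
    clock.advance(31 * 60)
    expired = sessions.touch("s1") is None             # 31 min idle: expired
    log.append("dr_jones", "logout", "-")
    clean = log.verify()                               # -1: chain intact
    log.records[0]["record"] = "patient-99"            # simulate an after-the-fact edit
    tampered = log.verify()                            # 0: first record no longer matches
    return still_live, expired, clean, tampered


if __name__ == "__main__":
    print(demo())
```

In a real deployment the log records would be written to append-only storage and the head hash periodically copied somewhere the application cannot overwrite, so that truncating the whole log is also detectable; the hash chain alone only catches edits within the retained records.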

Choosing a web-based solution

To speed the implementation of an intranet or extranet with these features, an increasingly popular approach is to use an Application Service Provider (ASP).

In addition to providing an immediate solution that has the appropriate security features in-place, the advantages of a web-based ASP include a lower cost of entry, a proven track-record of performance and no need to install intranet software or extranet software.

Laura Schwiker writes extensively on the use of technology by businesspeople and is an evangelist for online collaboration and collaboration software.



Thursday, January 17, 2008

Overview Of The Health Insurance Portability And Accountability Act (HIPAA)

Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) in 1996. The purpose of this law is to protect private individual health information from being disclosed to anyone without the consent of the individual. Except under unusual circumstances, the consent needs to be in writing.

However, there are some exceptions to the consent provision. The consent provision does not apply in the following situations:

- Treatment
- Billing
- Quality assurance
- Peer review
- Business planning activities
- Staff training
- Required reporting to public health agencies
- Certain emergency situations
- Research studies that have obtained a waiver from the Institutional Review Board (IRB)

Research

Private health information can be used in research studies if it is "de-individualized" so that the identity of the individual cannot be ascertained from the information disclosed. For example, if you were conducting a study of the lung problems suffered by New Yorkers after the 9/11 terrorist attacks, it would be permissible to identify a patient as a 50-year-old, 5'11", 175 lb. white male from New York City with high blood pressure.

Marketing

Health care providers are prohibited from selling or using their patient or enrollee lists to market products from a third party. However, they can use their list to communicate with or sell their own services to their list members. Great care must be taken to restrict access when using online collaboration, such as an intranet (http://www.trichys.com).

Business Associates

All business associates, vendors or other contractors that use the health care provider's facility must sign a contract stating that they understand and agree to be bound by HIPAA regulations. The health care provider can be held responsible for the actions of the business associate if they did not sign a contract, or if there was a history of abuse and the health care provider did nothing about it.

Individual Rights

Under HIPAA, individuals have the right to:

- Notice of the health provider's privacy practices
- Request restrictions on who is allowed to access their health information
- Access, inspect or copy their personal health information
- Request an accounting of all disclosures of their health information
- Request corrections or amendments to their health information

Health Care Providers' Responsibilities

Health care providers are required to:

- Provide security for both paper and electronic individual health information
- Institute a complaint process to investigate complaints
- Train staff on the law

The HIPAA regulations allow for both civil monetary and criminal penalties for violations of the act.

Malcolm Brown is Vice President of Trichys, providers of intranets and extranet solutions for health care and HIPAA compliance (http://www.trichys.com/home/industry-solutions/hipaa.vm).


Friday, January 11, 2008

HIPAA and Email - How Does Your Practice Deal with Compliance in a Digital Age

The internet has created a new business model for the smaller medical practice, specialty clinic and medical service (e.g. dermatologist, plastic surgeon, physical therapist, psychologist, et al.). More and more, patients are looking to communicate with their healthcare providers as they do in their personal and business lives - via email.

Email as a communication solution for the smaller clinic can be a time-saving resource. It can replace the many phone calls and postal mailings, adding a financial benefit to the smaller clinic.

Does email eliminate the office visit? No, nothing can replace the personal face-to-face office visit, but email can be an additional tool clinicians can implement to streamline their practice.

Some healthcare practitioners do, however, feel that emailing their patients equates to working for free, but some clinics have already adopted charging for email consultations.

At some practices, patients pay a flat rate from $100 to several hundred dollars per year for this type of service. Harvard professor of medicine Dr. Daniel Z. Sands, a proponent of the digital clinic, stated, "I think it's reasonable to assume that if lawyers and accountants charge for time, then physicians should too." (1)

Sustainability of Health Information Technology is also on the government's radar, as part of the President's mandate to move the medical field towards a digital clinical setting within the next ten years (2). The National Coordinator for Health IT, Dr. David Brailer, noted the value-added benefit of investing in Healthcare IT:

Information technology supports treatment choices for consumers and enables better and more cost-effective care... Health IT not only adds value to the way people lead their lives, but it gets more out of our investment in healthcare overall. (3)

It is possible for clinics to shift towards a digital medical office while remaining financially solid. Rights management software tools have become a reality for the small and medium business office (4). Small Business Rights Management (SBRM) reflects a shift in rights management software tools.

SBRM solutions provide clinics and practices of a smaller scale an equal level of user rights management and encryption previously available to larger medical organizations (e.g. state hospitals, large research facilities, university medical networks, etc.).

With any medical advance, the side effects of a solution or cure must also be considered. While email is beneficial time-wise and financially, there are also cons to using this tool - many of them HIPAA related. According to the Health Privacy Project's 2005 study, 70% of Americans are concerned that personal health information (PHI) could be disclosed as a result of weak data security (5).

Currently, healthcare organizations are required to provide a disclosure statement when communication is sent to their patients. A sample of a healthcare professional's email disclosure statement may read like this:

Client information gathered by [Clinic or Organization's Name] is protected by Federal Law. If this communication contains any client information, including information which would identify a client, you are prohibited from redisclosing it to any person or organization in any manner, and you are required to maintain it as confidential. Failure to do so is punishable by civil and criminal penalties. If such information has reached you in error, please contact [Clinic or Organization's Name] contact@emailaddress.com

With the advent of phishing, malware, and spyware, the unintended recipient could possibly spread a patient's PHI like a virus, using or selling the data to any number of damaging sites.

Protecting a patient's PHI is an ingrained concept within the medical profession. Laws and government mandates take this notion a step further: medical facilities that do not protect their patients' PHI face stiff penalties under HIPAA. PHI includes, but is not limited to:

* Patient's address, phone number
* Treating hospital/clinic number assigned to the patient
* Patient's date of birth / SSN
* Patient's legal next of kin/guardian and their telephone number
* Patient's insurance information (pre-certification / DSHS / Medicare)
* Anticipated admission date and time

While there are some drawbacks to email, patients want the option of emailing their doctor, pharmacist, therapist or clinic. "People are often more comfortable talking to a computer than they are to a doctor," said Dr. Delbanco, a professor of medicine at the Harvard Medical School and the lead author of an article on doctors and e-mail in the New England Journal of Medicine (6).

Dealing with HIPAA compliance issues can often be frustrating to the small clinical practice. SBRM solutions bridge the gap between staying current with healthcare industry regulations and keeping a small physician practice open. Patient/client information, private communiqués regarding diagnosis/treatment, and medical billing can stay private: only the intended recipient will see this information.

With SBRM solutions, clinics don't have to worry that their email content breaks the Hippocratic Oath's creed of confidentiality by revealing patients' PHI. Healthcare providers can remain both respectful and compliant under HIPAA regarding patient privacy.

- - - - - - - - - -

End Notes:

1.) Dr. Daniel Z. Sands as quoted in Liz Kowalczyk's article "Is E-Mailing the Future of Doctor-Patient Relations?" The Boston Globe, D2, April 27, 2004, Lexis Nexus - http://www.lexisnexus.com

2.) United States Department of Health and Human Services, "Secretary Leavitt Takes New Steps to Advance Health IT," Press Release on HHS website, June 6, 2005, http://www.os.dhhs.gov/

3.) "Remarks by David Brailer, MD PhD National Coordinator for Health Information Technology HIMSS 2005" February 17, 2005, http://www.himss.org

4.) SBRM on Wikipedia - http://en.wikipedia.org/wiki/Small_Business_Rights_Management

5.) "Majority of Americans Have Privacy Concerns about Electronic Medical Record System," Health Privacy Project (www.heathprivacy.org): http://www.healthprivacy.org/info-url_nocat2303/info-url_nocat_show.htm?doc_id=263085

6.) Anahad O'Connor, "Take Two Aspirin, E-Mail Me Tomorrow," The New York Times, Section F; Column 5; Health & Fitness; 7., 30 September 2005, Lexis Nexis - http://www.lexisnexus.com

Ms. Veniegas is an alumna of the University of Washington. Marilee joined the Marketing team at Essential Security Software, Inc. in 2005. She also serves as one of the ESS site editors for "I Want My ESS!"


Thursday, January 10, 2008

HIPAA Compliance 101

What is HIPAA?

The U.S. Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) in 1996. Title I of HIPAA protects health insurance coverage for workers and their families when they lose or change their jobs. Title II of HIPAA, the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The AS provisions also address the security and privacy of health data. The purpose of all these standards is to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in health care.

The AS provisions are applicable only to "covered entities". Covered entities are those health care providers (e.g. doctors' offices and hospitals) which engage in electronic transactions as per the HIPAA/EDI rules, health plans (which include health insurance companies and employer-sponsored "group health plans"), and health care clearinghouses.

Applying HIPAA Provisions

Certain key provisions need to be followed for HIPAA compliance. Individuals should be able to access their records and request correction of errors. Also, they should be informed about how their personal information will be used. The designation "protected health information" (PHI) indicates that the information cannot be used for marketing purposes without the explicit consent of the patients in question. People should be able to ask their covered entities (which maintain PHI about them) to ensure that their communications with the patient are confidential. It should be possible for people to file formal privacy-related complaints with the Department of Health and Human Services (HHS) Office for Civil Rights. Covered entities should document their privacy procedures; however, they have discretion on what to include in their privacy procedures. Covered entities are required to designate a privacy officer and train their employees. Covered entities can use an individual's information without the individual's consent if the purpose is to provide treatment, obtain payment for services, or perform the non-treatment operational tasks of the provider's business.

Chris Tolamalu is interested in HIPAA compliance. See http://www.hipaacompliancejournal.com for more information.


How HIPAA Security Policies Affect Corporate E-mail Systems

Although considered by many to be the sole concern of health care providers, the Health Insurance Portability and Accountability Act (HIPAA) affects nearly all companies that regularly transmit or store employee health insurance information. HIPAA was signed into law in 1996 and its original purpose was to protect employee health and insurance information when workers changed or lost their jobs. As use of the internet became more widespread in the mid-1990s, HIPAA requirements overlapped with the digital revolution and offered direction to organizations needing to exchange healthcare information. HIPAA regulations apply to any establishment that exchanges individually identifiable healthcare information.

Collaboration between healthcare professionals, their colleagues, their patients, and employers has grown progressively more digital, and e-mail has played an ever-increasing role in this communication. In the process of this development, the need for information security and privacy has created an impediment to widespread adoption.

In addition to the usual concerns about privacy and security of e-mail correspondence, even organizations that are not in the healthcare industry must now consider the regulatory compliance requirements associated with HIPAA. The Administrative Simplification section of HIPAA, which, among other things, mandates privacy and security of Protected Health Information (PHI), has sparked concern about how e-mail containing PHI should be treated in the corporate setting. HIPAA, as it relates to e-mail security, is an enforcement of otherwise well-known best practices that include:


  • Ensuring that e-mail messages containing PHI are kept secure when transmitted over an unprotected link
  • Ensuring that e-mail systems and users are properly authenticated so that PHI does not get into the wrong hands
  • Protecting e-mail servers and message stores where PHI may exist

Organizations regulated by HIPAA must comply and put these practices in place. However, the need to comply with regulations puts particular pressure on the healthcare industry to enhance their use of technology and catch up with other industries of similar size and scope.

The privacy protection provisions in HIPAA pose a major compliance challenge for the healthcare industry. These provisions are intended to protect patients from disclosure of any of their individually identifiable health information. Organizations that fail to protect this information face fines ranging from $10,000 to $25,000 for each instance of unauthorized disclosure. If the disclosure is found to be intentional, HIPAA provides for fines ranging from $100,000 to $250,000 and possible jail time for individuals involved in the violations.

Starting April 21, 2005, a new security rule focusing solely on PHI that is stored and transmitted electronically will be enforced as part of HIPAA. The requirements of this rule, which are simply information security best practices, focus on the three cornerstones of a solid information security infrastructure: confidentiality, integrity, and availability of information.

The imminent HIPAA regulatory requirements encompass PHI transmission, storage and discoverability. Given the widespread use and importance of e-mail, enforcement of HIPAA encryption policies and the growing demand for secure e-mail solutions, e-mail security has never been more important to the healthcare industry than it is right now.

IronMail significantly contributes to compliance with the HIPAA privacy and security requirements as they relate to protecting PHI that is transmitted and stored via e-mail. Everything from data encryption to firewall and intrusion protection to content filtering is included in the IronMail solution. Once in place, IronMail can be used to protect e-mail going into and out of corporate networks.

As IronMail is a standards-based appliance, it can be integrated into any existing e-mail system seamlessly, without requiring extensive IT staff training, or relying on users to take extra steps to perform e-mail functions.

The IronMail appliance is tailored to help organizations comply with the stringent new guidelines imposed by HIPAA, from security management processes to access control to data integrity.

HIPAA compliance is seen by many organizations as a prohibitively expensive hurdle to overcome. In addition, the growing dependence on e-mail as a mission-critical application requires security and privacy to be a top priority. A solid combination of security policies and the technologies to enforce those policies can ensure improved security as well as HIPAA readiness and ongoing adherence. With IronMail, organizations reduce information complexities as well as associated management costs which can help improve patient relationships, increase the quality of care, and improve the bottom line. E-mail can indeed be safe and secure.

CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, Contributing to HIPAA Compliance with IronMail or by visiting www.ciphertrust.com.


Tuesday, January 8, 2008

Alert: New HIPAA Rules Could Affect Your Organization

Failure to adhere to the new guidelines could cost your company up to $250,000 per infraction!


On April 21, 2005 (just over three weeks from today), a new Health Insurance Portability and Accountability Act (HIPAA) security rule goes into effect. The requirements of this rule, which are basically information security best practices, focus on the three cornerstones of a solid information security infrastructure: confidentiality, integrity and availability of information.

The imminent HIPAA regulatory requirements encompass transmission, storage and discoverability of Protected Health Information (PHI). Given the widespread use and mission-critical nature of email, enforcement of HIPAA encryption policies and the growing demand for secure email solutions, email security has never been more important to the healthcare industry than it is right now.

Although many assume it applies only to health care providers, HIPAA affects nearly all companies that regularly transmit or store employee health insurance information. HIPAA was signed into law in 1996 by former President Bill Clinton, with the intent of protecting employee health and insurance information when workers changed or lost their jobs. As Internet use became more widespread in the mid-to-late 1990s, HIPAA requirements overlapped with the digital revolution and offered direction to organizations needing to exchange healthcare information.

HIPAA in the Workplace
Collaboration between employers and healthcare professionals has grown increasingly digital, and email has played an ever-increasing role in this communication. However, email's increased importance can lead to severe consequences without proper security and privacy measures implemented.

In addition to the usual concerns about privacy and security of email correspondence, even organizations that are not in the healthcare industry must now consider the regulatory compliance requirements associated with HIPAA. The Administrative Simplification section of HIPAA, which, among other things, mandates privacy and security of Protected Health Information (PHI), has sparked concern about how email containing PHI should be treated in the corporate setting. HIPAA, as it relates to email security, is an enforcement of otherwise well-known best practices that include:


  • Ensuring that email messages containing PHI are kept secure when transmitted over an unprotected link
  • Ensuring that email systems and users are properly authenticated so that PHI does not get into the wrong hands
  • Protecting email servers and message stores where PHI may exist


Organizations regulated by HIPAA must comply and put these practices in place. However, the need to comply with regulations puts particular pressure on the healthcare industry to enhance their use of technology and catch up with other industries of similar size and scope.

Privacy and Email Security
The privacy protection provisions in HIPAA pose a major compliance challenge for the healthcare industry. These provisions are intended to protect patients from disclosure of any of their individually identifiable health information. Organizations that fail to protect this information face fines ranging from $10,000 to $25,000 for each instance of unauthorized disclosure. If the disclosure is found to be intentional, HIPAA provides for fines ranging from $100,000 to $250,000 and possible jail time for individuals involved in the violations.

The clock is ticking: it's time to get started
Bringing an enterprise into compliance with the rules set by HIPAA can seem like a very daunting task to even the most experienced executives. Nonetheless, the growing dependence on email as a mission-critical application requires that your organization implement comprehensive security and privacy policies, and soon. A solid combination of security policies and the technologies to enforce those policies can ensure improved security as well as HIPAA readiness and ongoing adherence.

Despite the immediacy of the new HIPAA security rule, your organization can still achieve compliance. Learn more about how IronMail helps organizations comply with HIPAA by downloading CipherTrust's free whitepaper, "IronMail Compliance Control: Contributing to Corporate Regulatory Compliance".
CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, IronMail Compliance Control: Contributing to Corporate Regulatory Compliance or by visiting www.ciphertrust.com.


Are you HIPAA Compliant?

By - Matt Sears, Senior Vice President
Athens Benefits Insurance Services, Inc.
A division of The Jenkins Athens Group

HIPAA. Perhaps one of the most significant laws in recent memory; certainly one of the most complex. While this short article won't make anyone an expert, it will, hopefully, demystify this wide ranging set of laws and put you on the path towards compliance.

First, let's answer the question; "What is HIPAA?" HIPAA stands for the Health Insurance Portability and Protection Act of 1996. Although it purports to regulate health insurance, HIPAA provisions extend far beyond insurance. HIPAA introduced broad disclosure and privacy requirements. It also established civil and criminal penalties for each violation (up to $25,000 per person per year in civil penalties and up to $250,000 in criminal fines - along with imprisonment).

Title I of HIPAA deals with portability and special enrollment rights for health plans. Those conditions must have been incorporated into your plans by now (original compliance date was 1997). Title II of HIPAA governs a wide ranging set of conditions called, "Administrative Simplification". For those charged with compliance, the notion that HIPAA simplifies anything qualifies as "dark humor". Administrative simplification attempts to create a uniform system for processing and retention of health information and ensuring the security of that information.

For the purposes of this article, we're only concerned with those portions of the law impacting most employers...privacy. Notably the privacy of personal data defined by HIPAA as "Protected Health Information" or "PHI" - information that is personally identifiable. In the broadest summary possible, key components of HIPAA privacy requirements for a plan sponsor are fairly straightforward:

* Generally, the employer (Plan Sponsor) is not a HIPAA "Covered Entity" - the Health Plan is. For fully insured plans, this typically means the health insurer, HMO, EAP provider, etc.
* As the Covered Entities, health plans bear the brunt of compliance requirements (your responsibilities become exponentially larger as the quantity of data you receive increases)
* Meet with every service provider, or ensure that your broker or consultant has reviewed compliance requirements with each
* Use protected health information only for needed administration of the benefit programs (HIPAAspeak: "Treatment, Payment and Health Care Operations")
* Collect (and release) only the minimum data required to "do the job" (e.g. enroll an employee, file claims, etc.)
* Restrict the data to those persons who absolutely must use it
* Establish "firewalls" and safeguards to protect the data (separate locked files, restricted access, password-protected systems)
* Appoint a Privacy Official (not required for fully insured plans that never receive PHI)
* Create a Privacy Policy and distribute a Privacy Notice to participants
* "Scrub" personally identifiable data from communications pieces, ID Cards, etc.

HIPAA, like COBRA before it, will continually change as new rules and regulations are released (for example, the U.S. Dept. of HHS has yet to release enforcement rules for HIPAA). Ongoing compliance will require vigilance in remaining up to date on the changing laws. It's vital your broker/consultant proactively work with your organization to review plans, identify problems and provide ongoing education to maximize the performance of your benefit plans.
Setting-up Your New Computer: How To Move Your Old Files to Your New Computer

By Steven Presar

You've got a new computer for your office. It's cleaner, better, faster and you can't wait to start to use it!

However, your satisfaction of making a fresh start with a new computer is tempered by the fact that all of your "stuff" is still on your old computer. Everything that made your old computer YOUR computer: your personal settings, your business files, your company spreadsheets are still loaded on your old computer.

You find yourself with a new computer that's not so great without a whole lot of the useful file information that is still stored on your old computer. How are you going to get all of that information onto your new computer?

The process is called "data migration" and it can be a tedious and time-consuming task for you and your business.

Here are some suggestions to make this data migration go a little easier for you.

CDs

One option is to copy ("burn") everything to recordable CDs.

Blank CDs are cheap, at about $1 apiece, and can hold more than 600 megabytes each. That much storage space should be enough for most small businesses to transfer their old data files from one hard drive to a new one.

Two drawbacks to the CD method of data transfer are that:

~ It may take a while to burn each CD, and
~ You may not have a recordable CD drive on your old PC.

Recordable CD units are standard on newer PCs, but if an older computer has a CD unit, it was installed later as an add-on hardware feature. Thus, depending on the age of your older computer, it may not have a recordable CD drive installed at all. Installing a recordable CD drive on your older computer now may be more time-consuming than the other alternatives for moving your data files.

Portable Drives

Iomega has a pre-packaged solution designed to bridge the gap between old and new computers. They offer a software "moving kit" for individuals who have recently bought a new computer with Microsoft's Windows XP.

The software works with Iomega Zip, Jaz and Peerless drives. It allows you to "pack" the files on your old computer onto portable high-capacity disks and then "unpack" the same files onto your new computer.

The transfer software uses Microsoft's "files & settings transfer wizard," a feature included in Windows XP.

After connecting a high-capacity drive to your old computer, you need to download the transfer tool, which primes a disk to prompt you to begin the transfer process the next time it is inserted into a drive. Setting up the disk also requires a CD with the Windows XP operating system.

Keep in mind that software moving kits have the ability to move everything. Thus, if you are not aware of which files you are transferring, you may be transferring unneeded problem files or virus-infected files to your new computer.

Link Transfers

There are other options if you do not want to shuffle CDs or portable drives.

With the link transfer software option, your computers are linked through a serial cable or USB cable. After the software has been installed on both of your computers (the "source", your old computer, and the "target", your new computer), you click through a question-and-answer wizard to describe which files you want to transfer. For transfers on the fly, you can drag and drop folders or files between the two panes in the program, one representing each computer.

Some link transfer software packages that work with Microsoft's Windows are: PCsync, IntelliMover, PC Relocator, and PC Upgrade Commander.

In each case, the software must be installed on both your old and new computers. The software scans your old computer's hard drive to inventory the folders, subfolders, and files; you then select the data files that you would like to transfer to your new computer.

It sounds like a fairly simple way to handle your data transfer. However, be aware:

~ Generally, these programs want to move all the contents of your old computer to your new computer. That's OK for your data files but moving the program files that run your applications may cause problems because older applications may not be supported by your new computer operating system. Transferring a Windows 95-era program to a computer preloaded with the Windows XP operating system could be a problem because many of those programs haven't been upgraded to run under Windows XP.

~ When you move the full contents of a computer system, everything moves over, including those obscure files that had your old computer running sluggish in its final days.

~ Moving data through a USB cable isn't fast, but it is faster than data transfer through a parallel port.

Choosing a Data Migration Software Package

~ Does the software allow you to pick and choose which files are moved, or does it move EVERYTHING -- even the junk files?

~ How is the data transferred? A wireless network is faster than a USB cable, which is faster than a parallel cable. Are you prepared to wait hours or even days for this transfer to take place?

~ If you're using the Internet as a holding place for your data, check your connection and upload speeds. It could take hours to move those files.

~ Consider investing in a high-capacity external hard drive, a plug-and-play device that you'll simply connect to your new computer. The drive, though more expensive, will get far more use than one-time migration software.

Getting Ready for Your Data Migration

~ Get rid of all of your old files. Fill your recycle bin on your old computer with as much as you can. There's nothing worse than bringing useless data to the new computer.

~ Make a software checklist. Are the versions of your current program applications compatible with Windows XP? Look on the Web for free Windows XP upgrades to new versions of the programs you need, such as your Palm desktop software.

~ Does your new computer have preloaded software on it? Chances are good that the latest Internet browser is already preloaded on your new computer, so you do not have to transfer the older browser version.

~ Make a list of user names and passwords that are stored in files on your old computer and automatically appear when you visit Web sites. They could be lost in the move, denying you access on your new computer.
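The points above about moving only the files you choose, leaving the junk behind, and checking that nothing got lost in the move can be automated. Here is an added example (not part of the article, and not any vendor's migration software) in Python: it builds a SHA-256 manifest of only the data files selected for migration, pruning program and temporary directories, and then re-hashes the copy on the new machine to report files that are missing or were altered in transit. The folder names, skip lists and sample files are constructed for the demo.

```python
import hashlib, os, tempfile
# Directories and extensions that should not ride along to the new PC (constructed for the demo)
SKIP_DIRS = {"Program Files", "WINDOWS", "Temp", "Recycler"}
SKIP_EXT = {".tmp", ".exe", ".dll"}

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):  # chunked so big files stay off the heap
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Return {relative_path: sha256} for the data files worth migrating under root."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune junk/program trees
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in SKIP_EXT:
                full = os.path.join(dirpath, name)
                manifest[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_of(full)
    return manifest

def verify_copy(manifest, target_root):
    """Re-hash every manifest entry under target_root; return (missing, changed) path lists."""
    missing, changed = [], []
    for rel, digest in manifest.items():
        dest = os.path.join(target_root, *rel.split("/"))
        if not os.path.isfile(dest):
            missing.append(rel)
        elif sha256_of(dest) != digest:
            changed.append(rel)
    return sorted(missing), sorted(changed)

def demo():
    """Constructed old/new PC trees; returns (files selected, missing on new PC, changed)."""
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    old_pc = {"My Documents/budget.xls": b"Q1 figures", "My Documents/letter.doc": b"Dear",
              "My Documents/notes.txt": b"call broker", "Program Files/App/app.exe": b"MZ",
              "Temp/cache.tmp": b"junk"}
    new_pc = {"My Documents/budget.xls": b"Q1 figures",  # copied intact
              "My Documents/notes.txt": b"call bro"}      # truncated in transit; letter.doc forgotten
    for root, tree in ((src, old_pc), (dst, new_pc)):
        for rel, data in tree.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
    manifest = build_manifest(src)
    return (sorted(manifest),) + verify_copy(manifest, dst)
```

Run build_manifest on the old machine before the transfer, save the result, and run verify_copy against the saved manifest on the new machine; any name in the two returned lists is a file to copy again before the old drive is wiped.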
Steven Presar is a recognized small business technology coach, Internet publisher, author, speaker, and trainer. He provides personal, home, and computer security solutions at www.ProtectionConnect.com. He provides business software reviews at www.OnlineSoftwareGuide.com. In addition, he publishes articles for starting and running a small business at www.Agora-Business-Center.com. Be sure to sign up for the SOHO newsletter at the site.


Friday, January 4, 2008

Are you HIPAA Compliant?

A closer look at HIPAA
By - Matt Sears, Senior Vice President
Athens Benefits Insurance Services, Inc.
A division of The Jenkins Athens Group

HIPAA. Perhaps one of the most significant laws in recent memory; certainly one of the most complex. While this short article won't make anyone an expert, it will, hopefully, demystify this wide-ranging set of laws and put you on the path towards compliance.

First, let's answer the question: "What is HIPAA?" HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. Although it purports to regulate health insurance, HIPAA provisions extend far beyond insurance. HIPAA introduced broad disclosure and privacy requirements. It also established civil and criminal penalties for each violation (up to $25,000 per person per year in civil penalties and up to $250,000 in criminal fines - along with imprisonment).

Title I of HIPAA deals with portability and special enrollment rights for health plans. Those conditions must have been incorporated into your plans by now (original compliance date was 1997). Title II of HIPAA governs a wide-ranging set of conditions called "Administrative Simplification". For those charged with compliance, the notion that HIPAA simplifies anything qualifies as "dark humor". Administrative simplification attempts to create a uniform system for processing and retention of health information and ensuring the security of that information.

For the purposes of this article, we're only concerned with those portions of the law impacting most employers...privacy. Notably the privacy of personal data defined by HIPAA as "Protected Health Information" or "PHI" - information that is personally identifiable. In the broadest summary possible, key components of HIPAA privacy requirements for a plan sponsor are fairly straightforward:

  • Generally, the employer (Plan Sponsor) is not a HIPAA "Covered Entity" - the Health Plan is. For fully insured plans, this typically means the health insurer, HMO, EAP provider, etc.
  • As the Covered Entities, health plans bear the brunt of compliance requirements (your responsibilities become exponentially larger as the quantity of data you receive increases)
  • Meet with every service provider, or ensure that your broker or consultant has reviewed compliance requirements with each
  • Use protected health information only for needed administration of the benefit programs (HIPAAspeak: "Treatment, Payment and Health Care Operations")
  • Collect (and release) only the minimum data required to "do the job" (e.g. enroll an employee, file claims, etc.)
  • Restrict the data to those persons who absolutely must use it
  • Establish "firewalls" and safeguards to protect the data (separate locked files, restricted access, password-protected systems)
  • Appoint a Privacy Official (not required for fully insured plans that never receive PHI)
  • Create a Privacy Policy and distribute a Privacy Notice to participants
  • "Scrub" personally identifiable data from communications pieces, ID Cards, etc.

HIPAA, like COBRA before it, will continually change as new rules and regulations are released (for example, the U.S. Dept. of HHS has yet to release enforcement rules for HIPAA). Ongoing compliance will require vigilance in remaining up to date on the changing laws. It's vital your broker/consultant proactively work with your organization to review plans, identify problems and provide ongoing education to maximize the performance of your benefit plans.


Thursday, January 3, 2008

No Living Will & Power Of Attorney? HIPAA Law Shuts You Out

What do you mean I can't find out about my husband's accident injuries? Why can't we move my mother to the nice nursing-home down the street? The Health Insurance Portability and Accountability Act or HIPAA caused two of my clients to live through these very situations.

A husband and wife were involved in a terrible automobile accident. The husband was seriously injured. His wife wanted to make certain that the needed medical attention was given to her husband. The wife could not get any medical information from her doctor. Even though she was the wife, the new HIPAA law and regulations prevent her from receiving medical information without specific written authorization!

In another case, an elderly widow became incapacitated. Her two children wanted to place her in a nursing home so that she would receive adequate care. Even though they had a living will and health-care power of attorney for their mother, they were required to go to court and be appointed her guardians so that they could place their mother in the health care facility.

What is the HIPAA Law all about?

The HIPAA Law in a Nutshell

HIPAA took effect on April 14, 2003.

This legislation applies to virtually every physician, nurse, pharmacist, dentist, and health care provider in the nation. It impacts everyone's access to health care information.

What does this privacy act mean? The regulations stress that health care providers must limit health information to those who are intended to receive it. This means health care information cannot be released to any unauthorized person. It also means you may not be able to receive medical records for your spouse or parent.

HIPAA Violation Penalties

The penalties for health care providers are staggering. For each disclosure violation, there is a $100 fine. If the violation is knowing, there are criminal penalties of a $50,000 fine and up to one year in prison. If information is provided or obtained under false pretenses, there is $100,000 fine and up to five years in prison. If the wrongful sale, transfer or use of the information was for commercial advantage, there is a $250,000 fine and up to 10 years in prison.

How does this affect you? To ensure an easy transition, you must have the appropriate medical release language to comply with HIPAA in three of your estate planning documents.

Documents to Update

The documents which need to be updated are:

  • Your Living Will and Health Care Power of Attorney
  • Your Living Trust
  • Your Durable Power of Attorney

What if I do nothing?

You may be forced to sign the doctor's or hospital's forms in a stressful emergency situation. These documents may not reflect your choices and may contain confusing legal and/or medical terminology. Or you may be unable to sign anything and may find yourself repeating one of the scenarios above.

If your documents were created before 2003 and have not been amended since, have your attorney review them for HIPAA compliant language. Are you missing some or all of these documents? Make an appointment today!

Visit http://www.stevenallen.com for tips and tools on Wealth Preservation. You can also subscribe to his monthly newsletter Secrets To Wealth Preservation. Steven W. Allen has been an Estate Planning attorney for over 30 years. He is a member of the Arizona Bar Association, National Lawyers Association, National Academy of Elder Law Attorneys and National Speakers Association. He is the author of four books including the most recent You Can’t Take It With You...So How Will You Leave It Behind?. Go to http://www.EstatePlanningDr.com for your 3 free chapters.
