HIPAA Law



             


Thursday, April 23, 2009

Health Insurance - Not As Straightforward As It Would Seem

Most of the seven million people covered by health insurance in the UK have a policy provided by their company. As such it is a useful benefit, but many of us assume that it will cover any kind of health issue and this is definitely not the case. The insurers exclude a wide variety of possible claims, and this article will explain those in detail.

Health insurance has a very specific purpose - to get people suffering from short-term, curable health problems straight through to a consultant and to receive top quality private care as quickly as possible. Essentially, it's about jumping the lengthy NHS queues. However, there are many health problems that don't fit into this narrow band, and as such are not covered by a health insurance policy.

Be aware, however, that every policy is different, and only by reading your own policy documents will you be able to find out exactly what you are covered for. This article will give you the knowledge you need to understand your policy better.

Defining 'Chronic'

Illnesses and conditions fall into two main categories: 'acute' and 'chronic'. Short-term illnesses that can be fixed and cured are called 'acute'; for example, if you fell and broke your arm, this would be classed as acute. If, however, your problem is either incurable or deemed to be a long-term issue, then it will be classed as 'chronic' and you will not be able to make a claim.

What counts as 'acute' and what counts as 'chronic' is a hotly disputed issue between insurance companies and their customers. Diabetes and asthma are acknowledged as chronic, long-term conditions that cannot be cured.

The issues become more difficult with certain types of cancer. It often happens that the cancer is considered to be treatable at first, and then the diagnosis is changed at a later time to incurable. In this case, you would only be covered as long as the cancer was diagnosed curable. If the prognosis changes you will lose your cover. Insurance companies are allowed to reclassify an illness from acute to chronic at any time.

What about the long-term?
If you need long-term treatment then you're out of luck. However, insurers have different ideas on what constitutes long-term: you may be covered for 10 months or up to a year, but it probably won't be for any longer than that. Check your policy for details.

Does preventative medicine count?
Health insurance cannot be used to pay for preventative treatment, although that is another matter of contention. For example, a drug called 'Herceptin' can be used to help women who have 'HER2', a virulent form of breast cancer. The drug has helped reduce the risk of the cancer returning by an average of 50%. Many would call this an essential treatment, but some insurers call it preventative. Legal and General and Axa PPP will not pay for this treatment; however, BUPA, Standard Life Healthcare, Norwich Union and WPA will.

Drugs not yet available on the NHS
You might think that it doesn't matter if the drug is available on the NHS, but it relates to the system of drug approval in England and Wales. Before a drug can be used in the NHS, it must be approved by The Institute for Health and Clinical Excellence. The problem is, if it's not approved, the insurance company won't allow you to be treated with it. Huge delays affect the introduction of new drugs into the NHS because The Institute for Health and Clinical Excellence must first ascertain if the benefits of the drug justify the financial costs of adding it to the NHS treatments. As a result, the drug you need may not be approved, and if so, it won't be covered.

Aware of this problem, the Financial Ombudsman issued a compromise which stipulates that if the insurer won't cover 'experimental treatments', then it should cover the cost of the approved conventional treatment. The policyholder is then free to undergo the experimental treatment and pay the surplus if it's more expensive.

Pre-existing conditions

A 'pre-existing condition' describes a condition or illness that you suffered from before starting your health insurance policy. You will have to provide details of all these when you fill out your application form. That way the insurer is aware of what they can exclude from your policy. Be sure to be truthful in the application form as the insurer can easily contact your doctor to see your medical history, and they often do - having requested your approval first. They will also sometimes ask people to undergo a medical examination.

What counts as a pre-existing condition is also a potentially sore subject. If you fell off your horse years ago and fractured an ankle, you may find in later life that it starts playing up again and you need an operation to fix the problem. The insurance company may reject a claim, saying that it's a condition that occurred before the policy began. If that happens, you either pay yourself, or go with the NHS.

Some insurance companies write a moratorium provision into their policies, which allows some respite from a potentially long list of pre-existing conditions. For example, you may be covered as long as you have not suffered from the condition for two years, with the condition first taking place in the last five years. These time frames are individual to insurance companies; read the small print first to see if your policy includes a moratorium provision.

The condition or illness is excluded

Health insurance is renewable on a yearly basis and at renewal time, you may find that your policy, and your premiums, have changed - often not for the better.

If you are undergoing treatment at time of renewal, it's possible that your condition or illness will have become 'excluded' in the renewed policy, and that you will have to cover the cost of the rest of the treatment.

Because medical research is advancing so quickly, and the number of conditions considered treatable is increasing, the goalposts are always shifting as to what is chronic and what is acute.

The insurance companies are usually trying to cover their own backs. More conditions are being classified as acute, so they have to pay out more in claims. At the same time, newly introduced treatments and drugs are often expensive, so that's more expense to the insurer. To cover their losses, the insurers increase the premiums, and introduce some more exclusions. You have to watch out for this as you may renew your policy without realising that some very important details have changed.

So if you have health insurance, or you are considering signing up to a policy, take this article into account and read the small print so you know exactly what is and isn't covered. And the golden rule: before getting treatment, always double check with your insurer first that it is covered.


About the Author: Safeguard is a UK critical illness insurance website. We provide a huge amount of information based around our products, to read more visit the critical illness information


Tuesday, April 14, 2009

Finding Affordable Health Insurance


Affordable health insurance - it seems, particularly today, those words just don't belong together in the same sentence. Health insurance monthly premiums are becoming the biggest single expense in our lives - surpassing even mortgage payments. In fact, if you have any permanent health problems, such as diabetes, or have had cancer at one time in your family history, your monthly cost could easily be more than the house and car payment combined.

Shopping for affordable health insurance can certainly be an eye-opener. If you have always had a health insurance benefit where you work - especially a state or federal employee - and now have to buy your own, you may not be able to afford the level of health insurance coverage you have become used to.

Affordable health insurance, however, is definitely available - if you know how and where to look.

When you are looking for affordable health insurance, you want the lowest cost per year that will fit your budget, of course. But, even more importantly, you want a company that has a good record for paying without fighting with you on every detail. Just as there is a car for just about any budget, there is also affordable health insurance. You may not be able to afford a "Cadillac" policy - but then you probably don't need all the frills anyway.

Shopping for health insurance on the internet is the easiest and best way to find affordable health insurance. Here are five reasons why.

1. You don't need a local agent to help you submit the claims for health insurance. The medical provider does it for you. You save money because the health insurance company saves money by not paying the agent commission. This could amount to an 8% to 12% savings to you.
2. All the top health insurance companies are at your fingertips on the internet. Most local agents can only quote you from the few companies that they represent. They may not offer you what is best for you financially or health-wise but only what they happen to have available.
3. Health insurance companies have to be extremely competitive because it is so quick and easy to compare them with their competitors on the internet today. In the past you would have had to visit physically eight to ten agents to do a similar comparison. Most folks just didn't have the time or desire for that.
4. You can change your coverage, deductibles, and payment options with just a few clicks rather than going through the paperwork delay with a local agent (and then finding out he/she made a mistake - more delay).
5. Charging to a credit card means you aren't going to forget a payment and be without insurance. Also, it gives you another 30 days before you actually have to pay. Also, many companies today give an additional discount for "auto-pay".

The key, however, to finding affordable health insurance is realizing that the purpose of any health insurance is to protect you from a major financial loss - not to protect you from spending small money on clinic visits and sliver removal. These small expenses may be cumbersome but they generally will not hurt you. It's the $100,000 heart operation that will break you. That's the financial disaster health insurance was originally designed to prevent.

Also, keep this in mind. Health insurance, as with any insurance, is a gamble. You are gambling that you will draw out more than you pay in. Your health insurance company is gambling they will pay out less. The odds are in their favor for two reasons. They have all the facts for millions of families to average out, so they know the risk in advance. Also, they get to set the rules and the prices. The higher you set your deductible, the more risk you take. This is not a bad thing at all. You will most likely be the winner in the long run.

Yes, finding affordable health insurance is much easier than most people think.

Taking on more of the risk with higher deductibles, spending a little time on the internet comparing eight to ten different companies, and deleting coverage that you will not likely need (such as maternity for many people) will make it likely for you to find your own affordable health insurance.

Daniel J Lesser is the creator of HotHealthInsuranceSecrets.com. A whole world awaits those healthy enough to see it. Find out how to stay healthy at an affordable price www.hothealthinsurancesecrets.com.


Monday, October 13, 2008

Health Insurance - Not As Straightforward As It Would Seem


Tuesday, July 22, 2008

Finding Affordable Health Insurance



Saturday, July 12, 2008

Help! I Lost My Health Insurance!


It can literally be one of the scariest places to find yourself - without health insurance coverage. When a simple trip to the emergency room can lead to thousands of dollars in charges, the last thing you need is to not have health insurance. But what options do you have? Graduating from college can be a true rite of passage into adulthood, because this is the time when most health insurance plans drop you from your parents' plan. Even landing a job right after graduation can still mean that you will have to go through a grace period before the company's health insurance kicks in. And if you have left a job for greener pastures, well...don't get sick or injured!

But do I even have options?

Well, you probably do have options for health insurance coverage, but they may not be ideal. If you have quit your job, then you will have the option of extending your health insurance benefits for up to 18 months - thanks to COBRA. The only catch is that you will have to pay for those benefits out of your own pocket. Not exactly an easy thing to do without that paycheck rolling in every week.

Is that it? Is that my only hope?

Before you panic, just relax. The solution is short-term health insurance. As the name implies, this solution offers you health insurance options for a limited period of time. Most short-term health insurance benefits are available for 30 to 180 days. Depending on where you live, you may be able to obtain these benefits for up to a year.

And short term health insurance is the same as what I had at work?

Well, if you mean that you have coverage in the event of a hospital visit or sudden illness, then yes. You also can pick your own doctors and hospitals, which is actually an advantage over some health insurance plans offered by employers. But there are definitely coverage limitations on short-term health insurance plans.

So what am I not covered for?

That really is the million dollar question, isn't it? Well, routine medical exams are not covered by a short-term health insurance policy. Any kind of preventative care is also out the window with this type of coverage. Plus, you can forget about dental and optical coverage with short-term health insurance. For obvious reasons, this sort of health insurance also does not cover medical costs relating to a pregnancy, or anything having to do with the childbirth itself.

No offense, but why should I bother with short-term health insurance?

Because a simple trip to the emergency room can cost thousands of dollars, and any emergency procedure and hospital stay can cost tens of thousands of dollars. Hey, short-term health insurance is not supposed to be the long-term solution. It is just a way to make sure you are covered while you are not on any employer's health insurance plan. And it can help you avoid going into serious debt, should something happen to you when you are not otherwise covered on a health insurance plan. For that reason alone, it is definitely worth the expense.

Albert Medinas has developed and maintains the website Health Insurance Resources, which answers the most common questions people have about Health Insurance. Please visit us at http://www.healthinsuranceresources.ws today.


Thursday, June 26, 2008

Health Insurance


When people are in their late teens and twenties, possibly up to the age of forty, it's hard for them to understand why they need health insurance. For some people, it may be less expensive to pay full price when going to the doctor than to pay the monthly fee associated with health insurance. These people may ask whether or not health insurance is even worth it. For most people, however, health insurance is a huge money saver. But what are the different types of health insurance, and how should you go about determining what is right for you?

There are mainly two types of insurance: Indemnity plans and managed care plans. Indemnity plans are insurance plans in which an insurer reimburses the insured for medical expenses no matter who provided the service. There are three plans within the indemnity category. These include reimbursement of actual charges, reimbursement of a percentage of the actual charges and indemnity. In the first plan, the insurer will reimburse for the entire cost of the service, the second plan covers a percentage, while indemnity pays a certain amount daily for a certain number of days.

Managed care plans have three main types: HMOs (Health Maintenance Organizations), PPOs (Preferred Provider Organizations) and finally POSs (Point of Service plans). In an HMO plan, members pay a flat monthly rate. In most circumstances, the HMO member must use medical professionals from the preferred network. Unlike HMOs, PPOs are paid on a service by service basis. PPOs are often sponsored by employers or insurance companies who reimburse the insured for the service, minus of course any co-payments. A POS is a plan in which the insured pays no deductible and a small co-payment as long as the service provider is a part of the network.

So, what should you do? Well, you should start by investigating your health insurance options. What does your employer provide? Most employers do not pay the deductible for their employees; however, the rate is reduced as it is often a group situation. The best way to determine the best plan for you is to educate yourself on what is available and what you need.

Sara Chambers is a marketing consultant and an internet content manager for http://www.healthinsuranceweblog.com


Thursday, April 10, 2008

Individual Health Insurance Plans

When looking for individual health insurance plans, it's important to remember that generally you'll find better rates if you deal directly with the insuring company. The internet now allows individuals the chance to plug in a few personal details and obtain quotes for individual health insurance plans. Some questions to consider when choosing your coverage are the following:

1) Is it important that you keep your current Doctor?

2) Is it important that you have access to alternative care such as acupuncture or massage therapy?

3) How high a deductible are you comfortable with?

Individual Health Insurance Plans tailored to your needs.

Most people looking for individual health insurance plans are seeking modest insurance coverage, but they also want some of the basic essentials such as regular Doctor visits and prescription coverage. Keep in mind that your premium costs will vary depending on how high your deductible is and what kind of coverage you have. Generally the higher the deductible, the lower your monthly premiums. When choosing your coverage try to match low prices with quality coverage.

Mike Yeager

http://www.a1-healthinsurance-4u.com/

mjy610@hotmail.com


Monday, February 4, 2008

Medical Billing, HIPAA Compliance, and Role Based Access Control

HIPAA compliance requires special focus and effort as failure to comply carries significant risk of damage and penalties. A practice with multiple separate systems for patient scheduling, electronic medical records, and billing, requires multiple separate HIPAA management efforts. This article presents an integrated approach to HIPAA compliance and outlines key HIPAA terminology, principles, and requirements to help the practice owner to ensure HIPAA compliance by medical billing service and software vendors.

The last decade of the previous century witnessed accelerating proliferation of digital technology in health care, which, along with reduced costs and greater service quality, introduced new and greater risks for accidental disclosure of personal health information.

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by Congress to establish national standards for privacy and security of personal health data. The Privacy Rule, written by the US Department of Health and Human Services, took effect on April 14, 2003.

Failure to comply with HIPAA risks accreditation and reputation damage, lawsuits by the federal government, financial penalties, ranging from $100 to $250,000, and imprisonment, ranging from one year to ten years.

Protected Health Information (PHI)

The key term of HIPAA is Protected Health Information (PHI), which includes anything that can be used to identify an individual and any information shared with other health care providers or clearinghouses in any media (digital, verbal, recorded voice, faxed, printed, or written). Information that can be used to identify an individual includes:

  1. Name
  2. Dates (except year)
  3. Zip code of more than 3 digits, telephone and fax numbers, email
  4. Social security numbers
  5. Medical record numbers
  6. Health plan numbers
  7. License numbers
  8. Photographs

Information shared with other healthcare providers or clearinghouses

  1. Nursing and physician notes
  2. Billing and other treatment records
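
An added example, not part of the original article: a minimal scrubber that applies the identifier list above to a free-text billing note before it leaves the practice, keeping only the year of a date and the first three digits of a ZIP code. The label formats ("MRN", "Plan ID"), the US phone format, the rule that a ZIP follows a two-letter state code, and the sample note are assumptions; license numbers and photographs are outside its scope.

```python
import re
from collections import Counter

MONTHS = r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)[a-z]*"

# (kind, pattern, replacement). Order matters: e-mail addresses are replaced
# before names so that "j.doe@..." is not half-redacted by the name pass.
PATTERNS = [
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), "[EMAIL]"),
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN]"),
    # Assumed label formats for record and health plan numbers.
    ("mrn", re.compile(r"\bMRN[:#\s]*\d+\b", re.I), "MRN [REDACTED]"),
    ("plan", re.compile(r"\bPlan ID[:#\s]*[A-Z0-9-]+\b", re.I),
     "Plan ID [REDACTED]"),
    # Dates: everything except the year is dropped.
    ("date", re.compile(r"\b\d{1,2}/\d{1,2}/(\d{4})\b"), r"\1"),
    ("date", re.compile(r"\b(\d{4})-\d{2}-\d{2}\b"), r"\1"),
    ("date", re.compile(r"\b" + MONTHS + r"\.?\s+\d{1,2},?\s+(\d{4})\b"), r"\1"),
    ("phone", re.compile(r"(?:\(\d{3}\)\s*|\b\d{3}[-.\s])\d{3}[-.]\d{4}\b"),
     "[PHONE]"),
    # ZIP: assumed to follow a two-letter state code; keep only 3 digits.
    ("zip", re.compile(r"\b([A-Z]{2})\s+(\d{3})\d{2}(?:-\d{4})?\b"), r"\1 \2XX"),
]


def name_regex(known_names):
    """Build one regex from the names held in the structured record.

    Free-text names cannot be found reliably by pattern alone, so the caller
    supplies them; each full name and each part of 3+ letters is matched.
    """
    parts = set()
    for full in known_names:
        parts.add(full)
        parts.update(p for p in full.split() if len(p) >= 3)
    if not parts:
        return None
    alternation = "|".join(
        re.escape(p) for p in sorted(parts, key=len, reverse=True))
    return re.compile(r"\b(?:" + alternation + r")\b", re.I)


def deidentify(text, known_names=()):
    """Return (scrubbed_text, Counter of replacements per identifier kind)."""
    counts = Counter()
    for kind, pattern, replacement in PATTERNS:
        text, n = pattern.subn(replacement, text)
        counts[kind] += n
    names = name_regex(known_names)
    if names is not None:
        text, n = names.subn("[NAME]", text)
        counts["name"] += n
    return text, counts


def residual_identifiers(text, known_names=()):
    """Re-scan scrubbed text; a non-empty result means do not release it."""
    found = [kind for kind, pattern, _ in PATTERNS if pattern.search(text)]
    names = name_regex(known_names)
    if names is not None and names.search(text):
        found.append("name")
    return sorted(set(found))


# Constructed sample note; every value in it is made up for this example.
SAMPLE_NOTE = (
    "Jane Doe (MRN: 00482913, SSN 000-12-3456) seen 02/04/2008; follow-up "
    "booked for March 3, 2008. Statement mailed to IL 62704. "
    "Call (555) 010-4477 or j.doe@example.com. Plan ID: HP-5521-A. "
    "Doe reports improved breathing since 2007."
)

if __name__ == "__main__":
    scrubbed, counts = deidentify(SAMPLE_NOTE, ["Jane Doe"])
    print(scrubbed)
    print(dict(counts))
    print("residual:", residual_identifiers(scrubbed, ["Jane Doe"]))
```

The second pass in `residual_identifiers` is the release gate: a note is shared only when it returns an empty list.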

Principles of HIPAA

HIPAA intends to allow smooth flow of PHI for healthcare operations, subject to the patient's consent, but to prohibit any unauthorized flow of PHI for any other purpose. Healthcare operations include treatment, payment, care quality assessment, competence review training, accreditation, insurance rating, auditing, and legal procedures.

HIPAA promotes fair information practices and requires those with access to PHI to safeguard it. Fair information practices means that a subject must be allowed

  1. Access to PHI,
  2. Correction for errors and completeness, and
  3. Knowledge of others who use PHI

Safeguarding of PHI means that the persons that hold PHI must

  1. Be accountable for their own use and disclosure
  2. Have a legal recourse to combat violations

HIPAA Implementation Process

HIPAA implementation begins with making assumptions about the PHI disclosure threat model. The implementation includes both pre-emptive and retroactive controls and involves process, technology, and personnel aspects.

A threat model helps in understanding the purpose of the HIPAA implementation process. It includes assumptions about

  1. Threat nature (accidental disclosure by insiders? access for profit?),
  2. Source of threat (outsider or insider?),
  3. Means of potential threat (break in, physical intrusion, computer hack, virus?),
  4. Specific kind of data at risk (patient identification, financials, medical?), and
  5. Scale (how many patient records threatened?).

The HIPAA process must include a clearly stated policy, educational materials and events, clear enforcement means, a schedule for testing of HIPAA compliance, and means for continued transparency about HIPAA compliance. The stated policy typically includes a statement of least-privilege data access to complete the job, a definition of PHI, and incident monitoring and reporting procedures. Educational materials may include case studies, control questions, and a schedule of review seminars for personnel.

Technology Requirements for HIPAA Compliance

Technology implementation of HIPAA proceeds in stages from logical data definition to physical data center to network.

  1. To assure physical data center security, the manager must
    1. Lock data center
    2. Manage access list
    3. Track data center access with closed circuit TV cameras to monitor both internal and external building activities
    4. Protect access to data center with 24 x 7 onsite security
    5. Protect backup data
    6. Test recovery procedure

  2. For network security, the data center must have special facilities for
    1. Secure networking - firewall protection, encrypted data transfer only
    2. Network access monitoring and report auditing

  3. For data security, the manager must have
    1. Individual authentication - individual logins and passwords
    2. Role Based Access Control (see below)
    3. Audit trails - all access to all data fields tracked and recorded
    4. Data discipline - Limited ability to download data

Role Based Access Control (RBAC)

RBAC improves convenience and flexibility of systems management. Greater convenience helps reduce errors of commission and omission in granting access privileges to users. Greater flexibility helps implement the policy of least privilege, where users are granted only as many privileges as required for completing their job.

RBAC promotes economies of scale, because changes of role for a single user are more frequent than changes of role definitions across the entire organization. Thus, to make a massive change of privileges for a large number of users with the same set of privileges, the administrator only changes the role definition.

Hierarchical RBAC further promotes economies of scale and reduces the likelihood of errors. It allows redefining roles by inheriting privileges assigned to roles in the higher hierarchical level.

RBAC is based on establishing a set of user profiles or roles according to responsibilities. Each role has a predefined set of privileges. The user acquires privileges by receiving membership in the role or assignment of a profile by the administrator.

Whenever the definition of a role changes, along with the set of privileges required to complete the job associated with the role, the administrator needs only to redefine the privileges of the role. The privileges of all of the users that have this role get redefined automatically.

Similarly, if the role of a single user is changed, the only operation that needs to be performed is the reassignment of the user profile, which will redefine the user's access privileges automatically according to the new profile.
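The role mechanics described in this section, together with the audit trail called for under data security, as an added example that is not from the original article. The role names, privilege strings and users are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    privileges: set = field(default_factory=set)
    parent: "Role | None" = None   # role one level up whose privileges are inherited

    def effective(self):
        """Own privileges plus everything inherited up the hierarchy."""
        inherited = self.parent.effective() if self.parent else set()
        return self.privileges | inherited

class AccessControl:
    def __init__(self):
        self.user_role = {}   # user -> Role (the user's profile)
        self.audit = []       # (user, role, privilege, allowed), one row per check

    def assign(self, user, role):
        self.user_role[user] = role

    def check(self, user, privilege):
        role = self.user_role.get(user)
        allowed = role is not None and privilege in role.effective()
        # Denied attempts are recorded too, so the trail covers every access.
        self.audit.append((user, role.name if role else None, privilege, allowed))
        return allowed

def demo():
    staff = Role("staff", {"schedule:read"})
    biller = Role("biller", {"billing:read", "billing:write"}, parent=staff)
    clinician = Role("clinician", {"emr:read", "emr:write"}, parent=staff)
    ac = AccessControl()
    for user, role in (("alice", biller), ("bob", biller), ("carol", clinician)):
        ac.assign(user, role)

    results = {"alice_emr": ac.check("alice", "emr:read")}   # least privilege: denied
    # Redefine the role once; every member's privileges change with it.
    biller.privileges.discard("billing:write")
    results["alice_write"] = ac.check("alice", "billing:write")
    results["bob_write"] = ac.check("bob", "billing:write")
    # A change at the higher level is inherited by both child roles.
    staff.privileges.add("schedule:write")
    results["carol_sched"] = ac.check("carol", "schedule:write")
    # Reassign one user's profile; privileges follow the new role.
    ac.assign("bob", clinician)
    results["bob_emr"] = ac.check("bob", "emr:read")
    return results, ac.audit

if __name__ == "__main__":
    for row in demo()[1]:
        print(row)
```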

Summary

HIPAA compliance requires special practice management attention. A practice with multiple separate systems for scheduling, electronic medical records, and billing requires multiple separate HIPAA management efforts. An integrated system reduces the complexity of HIPAA implementation. By outsourcing technology to a HIPAA-compliant vendor of a Vericle-like technology solution on an ASP or SaaS basis, HIPAA management overhead can be eliminated (see companion papers on ASP and SaaS for medical billing).

Yuval Lirov, PhD, author of "Mission Critical Systems Management" (Prentice Hall), inventor of multiple patents in artificial intelligence and computer security, and CEO of Vericle.com Billing Technologies. Vericle delivers a comprehensive practice workflow engine that integrates patient scheduling, electronic medical records (EMR), billing, transcription, and compliance management. By consolidating technology for hundreds of separate billing services, Vericle tracks payer performance from a single point of control, shares compliance rules globally, and creates massive economies of scale. Yuval invites you to share your knowledge of medical billing and compliance at BillingWiki.com and register for the next webinar on audit risk at ChiroAudit.com.


Monday, December 17, 2007

HIPAA and the Internet: Requirements for Intranet Collaboration Software

Sharing private health information over the internet can be a risky business. Unfortunately, as people become accustomed to doing most if not all of their personal business online, the demand for accessing this information online will grow to the point that health care providers will have no choice but to either provide access to this private health information or lose their customers.

The Health Insurance Portability and Accountability Act (HIPAA) was enacted to assure the confidentiality of patient information. This requires that health care providers employ stringent measures to assure that information shared on the internet is protected from unauthorized access.

The HIPAA Act requires health-providing entities to:

  • Assign responsibility for security to a person or organization.
  • Assess security risks and determine the major threats to the security and privacy of protected health information.
  • Establish a program to address physical security, personnel security, technical security controls, and security incident response and disaster recovery.
  • Certify the effectiveness of security controls.
  • Develop policies, procedures and guidelines for use of personal computing devices (workstations, laptops, hand-held devices), and for ensuring mechanisms are in place that allow, restrict and terminate access (access control lists, user accounts, etc.) appropriate to an individual's status, change of status or termination.
  • Implement access controls that may include encryption, context-based access, role-based access, or user-based access; audit control mechanisms, data authentication, and entity authentication.

 

This law has serious implications for organizations that allow unauthorized access resulting in a breach in confidentiality.

Security is the key

Since the HIPAA law provides for both civil and criminal penalties for violations, data and access security is of the utmost importance. To assure HIPAA compliance, online document management must include a number of security features:

  • Secure web server – a server running secure socket layers is the minimum needed.
  • Encrypted database – all data must be encrypted. Software is available that will encrypt all data sent between two computers over the internet.
  • Secure access control – in addition to a traditional user id and password, it may be a good idea to use a strong password or smart card as additional security.
  • Session timeout – this assures that confidential data is not left on an unattended screen.
  • Server monitoring – the secure web server needs to be strictly monitored to detect break-in attempts.
  • Regular security audits – regular audits are required to make sure all security precautions are working properly.
  • Personnel – system maintenance should be in the hands of qualified personnel familiar with HIPAA requirements.

Rick Mosenkis is the President and CEO of Trichys, the creators of WorkZone hosted intranet and extranet software, including a higher-security version for HIPAA compliance. With customers around the world, among large and small companies, Trichys develops easy-to-use web-based software that allows non-technical business professionals to leverage the power of the Internet without IT support.
