NEMA HIPAA Privacy and Security Introduction

A NEMA paper on HIPAA is available here: NEMA HIPAA Security Intro Overview.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law on July 21, 1996, with the following general objectives:

  • Guarantee health insurance coverage of employees
  • Reduce health care fraud and abuse
  • Introduce/implement administrative simplifications in order to augment effectiveness and efficiency of the health care system in the United States
  • Protect the health information of individuals against access without consent or authorization

HIPAA includes Administrative Simplification regulations that, as of early 2001, are still in development.

The HIPAA Security and Electronic Signature Standards Notice of Proposed Rule Making defines security measures to be implemented in healthcare. This white paper explains how this proposed rule, together with the final rule on the privacy of individually identifiable health information that became law on December 28, 2000, affects the medical imaging world.

This document is intended for educational purposes. It does not contain concise definitions nor mandatory guidelines, but instead outlines the main components of HIPAA that affect medical imaging equipment.

Covered Entities (CEs) as defined by HIPAA are health plans, health care clearinghouses, and health care providers who transmit any health information in electronic form in connection with certain standard transactions. These CEs need to support many different data formats and protocols. Having only a single set of data formats and protocols will simplify administration. HIPAA defines standards for a set of transactions conducted in electronic form while still allowing any non-standardized paper form for these transactions. The proposed security standard would apply to all health information that is electronically maintained or electronically transmitted. The approved privacy standard applies to individually identifiable health information transmitted or maintained in any form, oral, written or electronic – called Protected Health Information (PHI). There are other regulations pending that deal with National Provider ID and National Employer ID; additional regulations will be proposed on National Health Plan ID, Claims Attachments, and National Individual Identifiers. We should think of HIPAA as an ongoing process to standardize the digitalization of health care information within the United States.

SoftwareCPR® provides on-site and web-based training in HIPAA privacy and security regulations, in addition to other regulatory consulting services. SoftwareCPR® also provides a HIPAA Roadmap with links to relevant educational documents to paid subscribers (see the post HIPAA Privacy and Security Roadmap). For information on our subscriptions, go to the Subscribe page on our site.
