NEMA HIPAA Privacy and Security Introduction

A NEMA paper on HIPAA is available here: NEMA HIPAA Security Intro Overview.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law on July 21, 1996, and has the general objectives to:

  • Guarantee health insurance coverage of employees
  • Reduce health care fraud and abuse
  • Introduce and implement administrative simplifications to improve the effectiveness and efficiency of the health care system in the United States
  • Protect the health information of individuals against access without consent or authorization

Within HIPAA there are Administrative Simplification regulations that, as of early 2001, are still being developed.

The HIPAA Security and Electronic Signature Standards Notice of Proposed Rule Making defines security measures to be implemented in healthcare. This white paper gives an explanation of how this rule and the final rule about privacy of individually identifiable health information that became law on December 28, 2000, impact the medical imaging world.

This document is intended for educational purposes. It contains neither concise definitions nor mandatory guidelines, but instead outlines the main components of HIPAA that affect medical imaging equipment.

Covered Entities (CEs) as defined by HIPAA are health plans, health care clearinghouses, and health care providers who transmit any health information in electronic form in connection with certain standard transactions. These CEs currently need to support many different data formats and protocols; having only a single set of data formats and protocols will simplify administration. HIPAA defines standards for a set of transactions conducted in electronic form while still allowing any non-standardized paper form for these transactions. The proposed security standard would apply to all health information that is electronically maintained or electronically transmitted. The approved privacy standard applies to individually identifiable health information transmitted or maintained in any form, whether oral, written or electronic, which is called Protected Health Information (PHI). There are other regulations pending that deal with the National Provider ID and National Employer ID; additional regulations will be proposed on the National Health Plan ID, Claims Attachments, and National Individual Identifiers. HIPAA should therefore be thought of as an ongoing process to standardize the digitalization of health care information within the United States.

SoftwareCPR® provides on-site and web-based training in HIPAA privacy and security regulations, in addition to other regulatory consulting services. SoftwareCPR® also provides a HIPAA Roadmap with links to relevant educational documents to paid subscribers (see the post HIPAA Privacy and Security Roadmap). For information on our subscriptions, go to the Subscribe page on our site.

Remote Webmeeting Assessments

SoftwareCPR can provide remote offsite assessments to support virtual offices. Our consultants can use webmeeting tools to walk your teams through assessments such as:

  • 62304 compliance
  • Regulatory submission pre-review
  • Software risk analysis
  • Cybersecurity process and validation
  • Overall ISO 14971 risk management
  • Overview of software regulation with John Murray

Email office@softwarecpr.com for more info!

Corporate Office

15148 Springview St
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN) and Italy.