Are you a business that requires your vendors to be HIPAA compliant? Any vendor with whom you share protected health information (PHI), such as patients' medical data, dates of birth, names, addresses, social security numbers, or financial information, is considered a business associate under the HIPAA regulation. PostalMethods is committed to assisting clients in complying with the HIPAA regulations and to ensuring that our services comply with each of the HIPAA regulation standards.
What Is HIPAA?
HIPAA is the US Health Insurance Portability and Accountability Act of 1996, which amends the Internal Revenue Service Code of 1986. The Administrative Simplification section of this act has a pervasive effect on health plans, billing agencies, information systems vendors, and other providers. Within the provisions of this section, HIPAA requires improved efficiency in healthcare delivery by standardizing electronic data interchange (EDI), and it requires protection of the confidentiality and security of health data through setting and enforcing standards. More specifically, HIPAA calls for:
- Standardization of electronic patient health, administrative, and financial data.
- Unique health identifiers for individuals, employers, health plans, and health care providers.
- Security and privacy standards protecting the confidentiality and integrity of "individually identifiable health information," whether past, present or future (e.g. encryption of data during transmission, authentication, and verification of the sender and receiver).
Who Is Affected by HIPAA?
The Act specifies the following types of individuals and organizations as "covered entities," which are subject to the Privacy Rule:
- Healthcare providers: Every healthcare provider, regardless of size of practice, who electronically transmits health information in connection with certain transactions. These transactions include claims, benefit eligibility inquiries, referral authorization requests, and other transactions for which HHS has established standards under the HIPAA Transactions Rule.
- Health plans: Entities that provide or pay the cost of medical care. Health plans include health, dental, vision, and prescription drug insurers; health maintenance organizations (HMOs); Medicare, Medicaid, Medicare+Choice, and Medicare supplement insurers; and long-term care insurers (excluding nursing home fixed-indemnity policies). Health plans also include employer-sponsored group health plans, government- and church-sponsored health plans, and multi-employer health plans.
  - Exception: A group health plan with fewer than 50 participants that is administered solely by the employer that established and maintains the plan is not a covered entity.
- Healthcare clearinghouses: Entities that process nonstandard information they receive from another entity into a standard (i.e., standard format or data content), or vice versa. In most instances, healthcare clearinghouses will receive individually identifiable health information only when they are providing these processing services to a health plan or healthcare provider as a business associate.
Although PostalMethods does not fall into any of the above categories, HIPAA indirectly affects us as a provider of internet messaging services that handle patient data. As a "business associate" of covered entities, our products must be able to meet HIPAA's requirements. As an organization, our own security measures must comply with the law, since we have the capability of storing, accessing, and transmitting patient information.
PostalMethods and HIPAA
The Privacy Rule standards address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Privacy Rule. These individuals and organizations are called “covered entities.” The Privacy Rule also contains standards for individuals’ rights to understand and control how their health information is used. A major goal of the Privacy Rule is to ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being. The Privacy Rule strikes a balance that permits important uses of information while protecting the privacy of people who seek care and healing.
Business Associate Agreement Available
At clients’ request, PostalMethods will agree to enter into a “Business Associate” contract, a sample of which can be viewed on the U.S. Department of Health & Human Services website.
You can be sure that, with PostalMethods, your information remains safe with our HIPAA compliant online mail service.