ARTICLE DETAIL

HIPAA - What do I need to know as a Health Entrepreneur?

Posted by Health Entrepreneur 02/03/2016

The enactment of “The Health Insurance Portability and Accountability Act” (HIPAA) Act was aimed at making health care affordable to all and also ensuring health insurance coverage to everyone. It didn’t take too much time for the lawmakers to realize that, in doing so, the privacy and confidentiality of patient health information would be jeopardized. But the result was an integral and indispensible part of HIPAA. Although, the health care organizations had to put in additional funds, resources, and efforts to comply with HIPAA, it opened vistas of business opportunities. Along with the security and privacy responsibilities, HIPAA has also created a “Peachy Leeway” for the new innovative business startups. Being an entrepreneur you just have to spot the scope and go for it!


 

Introduction

 

HIPAA- A Double- Edged Sword

 

HIPAA was implemented to provide increased healthcare security and privacy for the people, however, it is a “double-edged sword”.  For example, a leading health insurance company like Anthem Inc. had to pay a penalty of $1.7 million for a computer security breach in healthcare data. On the contrary, it also played the role of business “ladder” for many successful new healthcare technology startups like Aptible, Flatiron, Misfit, and CardLogix. Along with the security and privacy responsibilities, HIPAA has also created a “Peachy Leeway” for the new innovative business startups. Being an entrepreneur you just have to spot the scope and go for it!

 

Genesis of HIPAA

 

Have you ever asked this question, why on earth an Act like HIPAA came into existence? Well, the answer revolves around the fact that till the 1990’s there was deficiency of a convenient system for storage of health records and protection of the health information. To rectify the situation, in the year 1996, Congress passed an act named as “The Health Insurance Portability and Accountability Act” (HIPAA). The Act was an amalgam of five set of titles or rules.

 

The HIPAA act mainly dealt with three main purposes:

 
  • To provide healthcare coverage to the maximum population

  • To reduce fraud and abuse cases in the health insurance

  • To digitalize health records and promote its confidentiality and security



 

 

Figure 1- Important Components of HIPAA

 

Although, HIPAA Act was implemented, but there were some existing gaps in the Health Information Privacy Rule. So, in the need to strengthen the HIPAA Act, the Congress passed the Health Information Technology for Economic and Clinical Health Act (HITECH) in the year 2009. The enactment of HITECH Act was aimed at strengthening of the electronic healthcare documentation system and Health Information Privacy rule. However, implementation of the HITECH Act required several amendments under the HIPAA Act. So, in order to modify certain terms and rules of the HIPAA Act, the Department of Health and Human Services (HHS) and the Office for Civil Rights)  issued the Final Omnibus Rule, in 2013.

 

The Omnibus Rule officially entitled as “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act,” was anticipated to augment the privacy rights of patient’s health records.

 

Amalgamation of the four revised rules led to the birth of the “The Final Omnibus Rule”:

  • Revision of HIPAA Privacy, Security, and Enforcement Rules

  • Revision of Privacy Rule, contemplated in 2010

  • Revision of Breach Notification Rule under the HITECH Act

  • Revision of Privacy rule required for implementation of Genetic Information Nondiscrimination Act (GINA)

 

The Omnibus Rule brought about certain vital changes in terms of interaction between covered entities and their business associates, and redefinition of terms like electronic storage material to electronic media and maximizing the non compliance penalty to $1.5 million. The origin of Omnibus Rule leads to the enactment of HIPAA amending to the HITECH rule. The Final Omnibus Rule worked as connecting “Puzzle piece” for the HIPAA and HITECH Act.

 

 

HIPAA compliance

 

The HIPAA Act implies certain strict norms of privacy and protection for the companies handling protected health information. The companies dealing with Personal Health Information (PHI) must safeguard it by auditing the status, storage location, network security and visibility. So, if a company complies with all the privacy and security norms, the company can be referred as HIPAA-compliant; a little deviation or breach may lead to noncompliance.

 

Penalty for Noncompliance

 

Non-compliance to HIPAA may have significant consequences, in terms of finance as well as reputation. The Office for Civil Rights (OCR) can impose both civil and criminal charges depending upon the extent of noncompliance. The civil penalties for HIPAA noncompliance vary depending upon the intention and level of breach.

 

Table 1: Civil penalties

 

 

Table 2: Criminal penalties

 

 

Please login to view full post.
 
 

Archives

Similar Articles

The Founding of a COVID Drugs Website

A short background piece on what inspires me to create a website to combat misin...

Read More
MedTech startup, Jiseki Health

MedTech startup, Jiseki Health, is a concierge service that helps its clients ta...

Read More
The Corona Page's Founding Story

A short background piece on what inspires me to create a website to combat misin...

Read More

3 C’s — Cancer, Cure and COVID — The Aftermath

What happens to cancer care post-COVID? The New Normal will be NOTHING like — th...

Read More
FDA: A Must-to-Know for Healthcare Entrepreneurs

In early 1900’s, the healthcare scenario in the US was chaotic with the new drug...

Read More

SUBSCRIBE TO NEWSLETTER

Subscribe here for free updates/newsletter

Inspirational Stories

  • Interview with Shanthu Kere, CEO, Palisha

    This health entrepreneur shares his motivational story that started with a "vision" to bring around a change in Oncology care-delivery, culminating in successful acquisition of his company. The journey, however, was fraught with hurdles and uncertainties that he overcame by staying true to his Mission.

    View more
  • Interview with Dr. Nilesh Nangrani

    Learn from an inspiring journey of an accomplished physician entrepreneur. Here he shares his beginnings, his life and his Vision to provide affordable and quality care to everyone, irrespective for their location.

    View more