HIPAA-Compliant Accounting Software

Healthcare providers and their business associates who handle identifiable protected health information (PHI) have both an ethical imperative and a legal mandate to ensure the privacy and security of this data.

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes requirements for the protection of patient health information from unauthorized use and disclosure without patient consent. Do you know if your accounting software is HIPAA compliant? Did you even know that it’s supposed to be?

Let’s look at what HIPAA rules mean for healthcare accounting software, which entities need to meet compliance requirements, and how organizations become HIPAA compliant.

How Does HIPAA Apply to Accounting Software?

Passed in 1996, HIPAA has grown from its beginnings as a way to make health insurance more portable for people changing jobs to a set of regulations that govern the privacy and protection of sensitive patient information.

HIPAA applies to both covered entities (for example, healthcare providers and insurers) and their business associates (any organization that must access PHI in the course of its business operations, such as vendors who provide billing, accounting, or legal services to covered entities). If an accounting software system used by a covered entity contains identifiable protected health information, such as patients’ names and contact information within detailed Accounts Receivable data, then it is subject to HIPAA rules.

The following HIPAA rules apply to accounting software compliance.

HIPAA Privacy Rule

This rule mandates the protection of individually identifiable health information. Identifying data includes name, phone number, address, social security number, or any other personally identifiable details. Medical information covered by this rule includes mental or physical diagnosis, medical treatments, or payment history.

The HIPAA Privacy Rule governs how healthcare providers may use patient data and to whom they can disclose this information without explicit patient permission.

HIPAA Security Rule

This rule sets standards for how organizations secure electronic protected health information (ePHI). The safeguards required include administrative (policies and procedures for maintaining security), physical (controlled access), and technical (cybersecurity) safeguards. We’ll examine these safeguard designations more closely in a subsequent section. All security measures must be documented.


To learn more about the benefits of working with HIPAA-compliant accounting software, contact pmassey@ddaftech.com.