HIPAAClickAndComply.com Logo
Call Us Today 888-647-0770 ext:300
Our Services
Benefits
Web-based
Easy to Use
Affordable
National Expertise
Enterprise Solution Available
Buy Now
Purchase Information
Send This Page to a Friend
Don't Face the HIPAA Challenge Alone

Who Needs Our Services?

Who is covered by HIPAA (Covered Entity)?
Any person, business, or agency

  1. That furnishes, bills or receives payment for health care in the normal course of business and,
  2. Conducts covered transactions like treatment, payment, benefits and claims processing (anything that requires use or disclosure of patient information in which the patient can be identified) and,
  3. The covered transactions are transmitted in electronic form (which includes the Internet, Extranets, leased lines, dial-up lines, and private networks, and those transmissions that are physically moved from one location to another using magnetic tape, disk, or CD media).

What did Covered Entities have to do to comply with the privacy provisions of HIPAA?
By April 14, 2003 "Covered Entities" were required to:

  1. Establish Privacy Policies and Procedures that implement the requirements of HIPAA.
  2. Provide policies and procedures training to staff who work with health information.
  3. Appoint a Privacy Official.
  4. Post a Notice of Privacy Practices in a publicly accessible and prominent place within their facilities and on their web site if a web site exists.
    1. Health care providers must distribute a copy to all patients when they are treated and get an acknowledgement of receipt.
    2. Health plans must mail the notice to all members at least once per year.
    3. Both have to make it available to anyone who asks.

What are the ongoing privacy requirements for Covered Entities after April 14, 2003?
In accordance with the above HIPAA policies and procedures, covered entities must:

  1. Protect the privacy of patients by…
    1. Limiting access to patient information for staff who do not need it to do their jobs.
    2. Preventing unauthorized uses or disclosures.
    3. Properly controlling and destroying health information.
    4. Disclosing health information properly. Examples include…
      1. To law enforcement.
      2. About the deceased.
      3. To meet judicial or legal demands.
      4. For research.
      5. To oversight authorities.
  2. Accommodate reasonable patient requests that are specified as rights under HIPAA:
    1. To access their health information (e.g. “I want to see all of my test results and physician evaluations.”).
    2. To restrict uses and disclosures of their information (e.g. “Do not tell my family about my condition.”).
    3. To appoint personal representatives who can make decisions for the patient.
    4. For confidential communications (e.g. “Call my office, not my home, to discuss my condition.”).
    5. To amend their files (e.g. “Please include in your files these test results about my condition that I obtained from an independent lab.”).
    6. For an Accounting of Disclosures report (e.g. “Give me a list that shows me what health information you disclosed about me, to whom it was disclosed, when and reason for doing so, over the last six years.”).
  3. Train new staff in Privacy Policies and Procedures.
  4. Update Privacy Policies and Procedures and training to reflect changes in the law.
  5. Impose these requirements on all business associates who have contact with health information.
  6. Cooperate the Federal Department of Health and Human services efforts to enforce HIPAA.

What are the penalties for HIPAA violations?
A person is in violation if he/she…

  1. Knowingly uses or causes to be used a unique health identifier (like a patient ID number);
  2. Obtains individually identifiable health information in an unauthorized manner or for unauthorized purposes.
  3. Discloses individually identifiable health information to another person in an unauthorized manner.

For violations that do not involve false pretenses, violators can be…

  1. Fined not to exceed more than $50,000,
  2. Imprisoned not more than 1 year,
  3. or both.

For violations that do involve false pretenses, violators can be…

  1. Fined not more than $100,000,
  2. Imprisoned not more than 5 years
  3. or both.

If the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm violators can be…

  1. Fined not more than $250,000,
  2. Imprisoned not more than 10 years,
  3. or both.

Violators are also subject to civil claims form parties who are harmed.

How does HIPAA Click and Comply help?
HIPAA Click and Comply provides:

  1. Thorough training on HIPAA Privacy Policies and Procedures
  2. Customized HIPAA documents including…
    1. Notice of Privacy Practices.
    2. Policies and procedures.
    3. Privacy Officer Position Description
    4. Business Associate Agreements
    5. Forms that
      1. Show how to make proper disclosures
      2. Shift liability to disclosure requestors
      3. Help patients and staff understand the process
      4. Document what happened.
  3. A tracking system that:
    1. Tracks both kinds of privacy actions:
      1. Disclosures of health information.
      2. Requests from patients.
    2. Processes privacy actions (allows for approval process, comments, etc.).
    3. Provides quick and easy reference to privacy actions.
    4. Prints above mentioned forms.
    5. Easily prints the Accounting of Disclosure report mentioned above.

Please click here for further information from the government defining covered entities under HIPAA.
Back to Top

NAHPO - National Association of HIPAA Privacy Officers

Member Log In
Log In
Information Center
Information Center
We Need Your Feedback