{"id":6,"date":"2012-05-09T00:13:08","date_gmt":"2012-05-09T00:13:08","guid":{"rendered":"http:\/\/www.dynapass.com\/blog\/?p=6"},"modified":"2015-10-27T16:53:19","modified_gmt":"2015-10-27T16:53:19","slug":"achieve-hipaa-compliance-with-dynapass-out-of-band-authentication","status":"publish","type":"post","link":"http:\/\/www.dynapass.com\/blog\/2012\/05\/achieve-hipaa-compliance-with-dynapass-out-of-band-authentication\/","title":{"rendered":"Achieve HIPAA Compliance with DynaPass Out of Band Authentication"},"content":{"rendered":"<p>By David Tran on May 29th, 2012<\/p>\n<p><a href=\"http:\/\/www.dynapass.com\/blog\/wp-content\/uploads\/2012\/05\/hipaa-compliance1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-medium wp-image-18\" title=\"hipaa-compliance\" alt=\"\" src=\"http:\/\/www.dynapass.com\/blog\/wp-content\/uploads\/2012\/05\/hipaa-compliance1-252x300.jpg\" width=\"151\" height=\"180\" srcset=\"http:\/\/www.dynapass.com\/blog\/wp-content\/uploads\/2012\/05\/hipaa-compliance1-252x300.jpg 252w, http:\/\/www.dynapass.com\/blog\/wp-content\/uploads\/2012\/05\/hipaa-compliance1-863x1024.jpg 863w\" sizes=\"auto, (max-width: 151px) 100vw, 151px\" \/><\/a><\/p>\n<p>The United States Congress passed the Health Insurance Portability and Accountability Act (HIPAA) of 1996 to establish security standards and to protect the confidentiality and integrity of private health information.\u00a0 HIPAA requires health care organizations to put mechanisms in place that control the privacy and security of sensitive patient data stored and exchanged electronically.\u00a0 It also encourages the conversion of traditional paper-based health care information systems to electronic ones by standardizing all shared electronic information, so that health care becomes more effective and efficient, and it mandates that the design and implementation of these electronic systems protect the privacy and security of individuals\u2019 health information.\u00a0 The HIPAA X12 standards, version 5010, regulate the electronic transmission of specific health transactions.\u00a0 The entities that must conform to HIPAA are health plans, health care clearinghouses and any health care providers that transmit health information in electronic form.\u00a0 The compliance date for the HIPAA X12 version 5010 standards was January 1, 2012.\u00a0 HIPAA required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop rules known as the HIPAA Privacy Rule and the HIPAA Security Rule.\u00a0 Within HHS, the Office for Civil Rights (OCR) is responsible for implementing and enforcing the Privacy and Security Rules.<\/p>\n<p><strong>HIPAA Privacy Rule<\/strong><\/p>\n<p>The HIPAA Privacy Rule establishes a set of national standards to protect medical records and other sensitive health information.\u00a0 The rule governs the use and disclosure of individuals\u2019 protected health information (PHI) by the organizations subject to it.\u00a0 An increasing number of organizations are adopting new forms of health information technology (HIT), which usually involves moving PHI from paper to electronic form.\u00a0 A major purpose of the Privacy Rule is to define and limit how organizations may use or disclose PHI.\u00a0 Under the rule, organizations must develop and implement policies and procedures that restrict access to health information based on the specific roles of members of the organization\u2019s workforce, and they must limit uses and disclosures of the information to the minimum necessary to accomplish the intended purpose.\u00a0 Many health care providers are adopting electronic health records (EHRs) to enhance the effectiveness and efficiency of the health 
care they deliver.\u00a0 The Privacy Rule became effective on April 14, 2001, and most health plans and health care providers had to comply with its requirements by April 2003.<\/p>\n<p><strong>HIPAA Security Rule<\/strong><\/p>\n<p>The HIPAA Security Rule is a set of national standards that protects medical records and other sensitive health information held or transferred in electronic form.\u00a0 One of its major goals is to protect the privacy of individuals\u2019 health information while allowing organizations covered by HIPAA to adopt new technologies that improve the quality and efficiency of health care.\u00a0 The rule requires covered entities to maintain appropriate administrative, technical and physical safeguards for electronic protected health information (e-PHI).\u00a0 Under the rule, organizations must ensure the confidentiality, integrity and availability of all e-PHI they create, receive, maintain or transmit; identify and protect against reasonably anticipated threats to the security of that information and against impermissible uses or disclosures of it; ensure that e-PHI cannot be accessed by unauthorized persons; and ensure compliance by their workforce.\u00a0 The final Security Rule was published on February 20, 2003, and most health plans and health care providers had until April 2005 to comply with its requirements.<\/p>\n<p><strong>DynaPass<\/strong><strong>\u00ae <\/strong><strong>Out of Band Authentication Technology (U.S. Patent #6,993,658)<\/strong><\/p>\n<p>DynaPass\u00ae\u2019s patented out-of-band authentication method uses a one-time password (OTP) and the user\u2019s mobile device to authenticate the user.\u00a0 It works by sending the OTP to the user\u2019s mobile device over SMS, a channel separate from the one on which the login takes place.\u00a0 By leveraging DynaPass\u00ae\u2019s out-of-band authentication platform, members of an organization\u2019s workforce authenticate themselves before accessing protected health information, and unauthorized users are kept out.\u00a0 An organization can also restrict what each member may access by assigning limitations according to their roles within the organization.<\/p>\n<p>Traditional methods of accessing health care data remotely, such as a login and password alone, can be compromised by phishing attacks, malware and man-in-the-middle (MITM) attacks.\u00a0 Health care organizations can counter these attacks with <a title=\"Two Factor Authentication Services\" href=\"http:\/\/www.dynapass.com\/two-factor-authentication.php\" target=\"_blank\">two-factor authentication<\/a>, also called strong authentication, using DynaPass\u00ae\u2019s out-of-band authentication to verify users and block unauthorized users trying to access this health information.\u00a0 By combining login credentials with DynaPass\u00ae\u2019s out-of-band authentication platform, organizations add another layer of security against attacks and data breaches.\u00a0 The user first enters their login credentials in the online portal; a centralized server then generates an OTP and sends it, over a separate channel, to the user\u2019s registered mobile device, and the user completes the login by entering that OTP.\u00a0 For this second layer to hold, the server must accept each OTP only once, only within a short window after it is sent, and only for the login session that requested it.\u00a0 By using two factors to authenticate a user, something the user knows (login credentials) and something the user has (mobile device), we 
believe that unauthorized access to health information will be reduced, and organizations will be able to store and access their health information in electronic form with more confidence.<\/p>\n<p>We believe that two-factor authentication is an effective way for health care organizations to protect their health information and prevent attacks, because even if one layer of security (login and password) is compromised by an attacker, the second layer (the OTP sent to the mobile device) stops the authentication process and prevents access to the information.\u00a0 Organizations converting from paper-based health care information systems to electronic ones need to make sure that their electronic health records remain safe and that safeguards are in place to control access to them.<\/p>\n<p>DynaPass\u00ae\u2019s out-of-band authentication platform supports HIPAA Security Rule compliance by adding out-of-band two-factor authentication in a cost-efficient way. We believe that DynaPass\u00ae out-of-band authentication is an effective layered security process that controls access and is easy to use.\u00a0 By using a mobile device as the authentication device, such as a mobile phone, which the majority of an organization\u2019s workforce already carries, users get two-factor authentication without a separate hardware token, and organizations save the cost of deploying security devices.\u00a0 Users do not need to install any additional application on their mobile devices, since DynaPass\u00ae\u2019s OTP platform delivers the one-time password over SMS and is a \u201czero footprint solution.\u201d We believe that DynaPass\u00ae out-of-band authentication is a patented, cost-effective two-factor authentication solution that helps organizations comply with HIPAA standards while also protecting sensitive health information.<\/p>\n<p><a href=\"http:\/\/www.dynapass.com\/two-factor-authentication.php\">See DynaPass Two-Factor Authentication<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By David Tran on May 29th, 2012 The United States Congress introduced the Health Insurance Portability and Accountability Act (HIPAA) of 1996 to address the need for security standards and to protect the confidentiality and integrity of private health information.\u00a0 HIPAA affects health care organizations by requiring mechanisms to be put in place to control 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[7,10,8,9],"class_list":["post-6","post","type-post","status-publish","format-standard","hentry","category-out-of-band-authentication","tag-hipaa","tag-one-time-password","tag-privacy-rule","tag-two-factor-authentication-2"],"_links":{"self":[{"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/posts\/6","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/comments?post=6"}],"version-history":[{"count":21,"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/posts\/6\/revisions"}],"predecessor-version":[{"id":146,"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/posts\/6\/revisions\/146"}],"wp:attachment":[{"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/media?parent=6"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/categories?post=6"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/tags?post=6"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
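An added illustration of the two-step login the post describes (password first, then a one-time code delivered on a separate channel), written for this page and not DynaPass code: a small server-side model with a simulated SMS gateway. The six-digit code, the two-minute lifetime, the three-try limit, the PBKDF2 work factor, and the `SmsGateway`, `OtpAuthenticator` and `demo` names are assumptions made for the example; the user name, password and phone number are constructed sample data. It shows the checks the second factor depends on: the pending code is stored only as a keyed hash bound to the login session, it expires, it is accepted once, and a few wrong guesses invalidate it.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6           # assumption: six-digit numeric code
OTP_TTL_SECONDS = 120    # assumption: a code is valid for two minutes
MAX_ATTEMPTS = 3         # assumption: a code may be tried at most three times
PBKDF2_ROUNDS = 100_000  # assumption: password hashing work factor


class SmsGateway:
    """Stand-in for the separate SMS channel: it only records what was sent."""

    def __init__(self):
        self.sent = []  # list of (phone_number, message_text)

    def send(self, phone, message):
        self.sent.append((phone, message))


class OtpAuthenticator:
    """Factor 1 (password the user knows), then factor 2 (OTP on the phone the user has)."""

    def __init__(self, gateway, clock=time.time):
        self.gateway = gateway
        self.clock = clock
        self.users = {}      # username -> (salt, pbkdf2 digest, phone)
        self.pending = {}    # session_id -> {"digest", "expires", "attempts"}
        self._otp_key = secrets.token_bytes(32)  # server secret for hashing codes

    def register(self, username, password, phone):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.users[username] = (salt, digest, phone)

    def login(self, username, password):
        # Step 1: check the password; on success open a session and send the OTP.
        record = self.users.get(username)
        if record is None:
            return None
        salt, stored, phone = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(stored, candidate):
            return None
        session_id = secrets.token_urlsafe(16)
        self._issue_otp(session_id, phone)
        return session_id

    def _digest(self, session_id, code):
        # Keyed hash bound to the session: a leaked table of pending codes is useless
        # without the server key, and a code issued for one session cannot be used in another.
        msg = f"{session_id}:{code}".encode()
        return hmac.new(self._otp_key, msg, hashlib.sha256).digest()

    def _issue_otp(self, session_id, phone):
        code = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
        self.pending[session_id] = {
            "digest": self._digest(session_id, code),
            "expires": self.clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        self.gateway.send(phone, f"Your login code is {code}")  # the out-of-band hop

    def verify_otp(self, session_id, submitted):
        # Step 2: accept the code only once, only in its window, only for this session.
        entry = self.pending.get(session_id)
        if entry is None:
            return False                  # nothing outstanding, or already used
        entry["attempts"] += 1
        if self.clock() > entry["expires"] or entry["attempts"] > MAX_ATTEMPTS:
            del self.pending[session_id]  # expired or over the guess limit: burn it
            return False
        ok = hmac.compare_digest(entry["digest"], self._digest(session_id, submitted))
        if ok:
            del self.pending[session_id]  # single use: a replayed code fails
        return ok


def demo():
    """Walks the flow with constructed sample data and returns each outcome."""
    now = [1_000_000.0]                    # controllable clock for the expiry path
    sms = SmsGateway()
    auth = OtpAuthenticator(sms, clock=lambda: now[0])
    auth.register("nurse1", "correct horse battery staple", "+15555550100")
    results = {"bad_password": auth.login("nurse1", "wrong") is None}
    session = auth.login("nurse1", "correct horse battery staple")
    code = sms.sent[-1][1].split()[-1]     # what the user reads off the phone
    wrong = "000000" if code != "000000" else "111111"
    results["wrong_code"] = auth.verify_otp(session, wrong)
    results["right_code"] = auth.verify_otp(session, code)
    results["replayed_code"] = auth.verify_otp(session, code)
    session2 = auth.login("nurse1", "correct horse battery staple")
    code2 = sms.sent[-1][1].split()[-1]
    now[0] += OTP_TTL_SECONDS + 1          # let the second code expire unused
    results["expired_code"] = auth.verify_otp(session2, code2)
    return results
```

Calling `demo()` returns a dict of outcomes: the wrong password is refused before any SMS is sent, a wrong code is refused, the code read off the phone succeeds once and fails on replay, and a code submitted after its window fails. Keeping the window short matters because a code the legitimate user is tricked into typing elsewhere remains valid until it expires or is used.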