About HIPAA The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is forcing insurance agents to use a standardized data exchange format and meet new privacy standards for patient information. Most companies are required to comply with the HIPAA privacy rules by April 14, 2003, but smaller organizations have until April 2004. The Centers for Medicare & Medicaid Services (CMS) is responsible for implementing various unrelated provisions of HIPAA, therefore complying with HIPAA regulations will require different actions by different people. HIPAA requires health providers, business associates, and insurance agents to adopt standards for electronic administrative and financial transactions. Security and Privacy
The Administrative Simplification provisions of HIPAA (Title II) require the Department of Health and Human Services to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addresses the security and privacy of health data. Adopting these standards will improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in health care.
Complying with HIPAA is challenging. Because this regulation affects many different areas, including standards for transactions, rules for data privacy/security and standards for clinical records.
HIPAA Enforcement The Department of Health and Human Services has responsibility for HIPAA enforcement rule. Current enforcement is “complaint based” and under a revision for transition to investigation. The proposed rule replaces an interim enforcement rule published two years ago that primarily covered steps the government would take to impose civil fines for violations of non-privacy HIPAA rules. Many provisions of the interim rule are included in the proposed rule, but the scope of the proposed rule is much larger.
ASN Secure technology and security protocols ASN Secure works by allowing insurance agents to communicate securely within through a public network like the Internet. The ASN Secure system is a virtual private networking tool that uses Internet technology to securely share medical information and operations by utilizing unique extranet technology with well-defined security protocols within the system. The new modules in the ASN Secure system are proprietary technology and unique to ASN Secure. While email is a component of our system, it also allows for secure document transfer and has secure email-to-fax capabilities as well as an electronic lockbox for important documents. ASN Secure was designed as a complete electronic communication system and can establish Private Domains branded to the client. We've taken painstaking measures to protect all patient information. When our system is used properly, the levels of security not only meet HIPAA regulations but exceed their requirements as it relates to the electronic transfer of personal health information. ASN Secure provides a way for insurance agents to exchange and track personally identifiable health information in an easy to understand format. Our system takes the worry out of HIPAA compliance issues and fulfills a great need in the medical industry. But most importantly our system ensures the privacy of the patients, who are affected the most when personal health information is not securely transmitted from one party to another. Insurance Agents and HIPAA compliance insurance agents are required to implement safeguards designed to protect the privacy and security of personal health information (PHI). insurance agents are subject to the business associate requirement set forth under HIPAA's privacy rule. They are subject to this requirement because the agent performs a function that includes the use and disclosure of PHI. Accordingly, agents are prohibited from using or disclosing PHI in any manner that would violate the Privacy Rule if done by the provider itself. It is important to keep in mind, however, that covered entities, although not allowed to use or disclose PHI in any manner except as permitted under HIPAA, are not required to protect against any and all, known, unknown, or unlikely uses or disclosures in violation of the Privacy Rule. Safeguards must be reasonable, but not foolproof. Electronic Communication and Transfer of PHI HIPAA's proposed security standards (the "Security Standards") apply to PHI that is either electronically maintained or transmitted. Covered entities will be required to enter into chain of trust agreements with insurance agents when PHI is processed electronically through the transcriptionist. Pursuant to these chain of trust agreements, agents will be obligated to maintain the integrity and confidentiality of PHI while in receipt of such information and during transmission of the same. HIPAA falls short of mandating specific technology solutions that covered entities must implement (or require of their chain of trust partners to implement), in order to ensure the security of PHI; requiring only that covered entities implement appropriate administrative procedures, physical safeguards, and technical security services and mechanisms to guard data integrity, confidentiality, availability and to prevent unauthorized access to certain data.
| 
