In June 2005, the U.S. Department of Justice (DOJ) clarified who can be held criminally liable under HIPAA (Health Insurance Portability and Accountability Act of 1996). Covered entities and specified individuals, as explained below, who “knowingly”
In 2009, HIPAA requirements were extended to business associates of covered entities and penalties were increased for non-compliance.
What does “knowingly”
The DOJ interpreted this element of the HIPAA statute for criminal liability as requiring only knowledge of the actions that constitute an offense. Specific knowledge of an action being in violation of the HIPAA statute is not required.
What do HIPAA regulations require for electronic information?
HIPAA requires that healthcare facilities take reasonable precautions to prevent a loss of medical records and information. In a digital environment, this means that a contingency plan must be in place in case of a computer emergency. If there is a loss of data, the plan must include a reasonable and effective method to restore those records without compromising privacy.
Health organizations, and the business associates who provide services to them, must ensure the confidentiality and integrity of medical records while they are in storage. Access to these digital records must be restricted by a password/ID system that proves authorized access. Any transmission of this data must be protected by a system of encryption. These safeguards need to be documented and signed.
Does Retrievex Records Management (http://www.Retrievex.com) help your company comply with HIPAA standards?
The answer is “yes”. When you create a Disaster Recovery Plan using Retrievex Media Vault / Vital Records Protection Solutions (http://www.retrievex.com/
# # #