Compliance Issues Affecting Healthcare Records Management

March 28, 2012 - PRLog -- Compliance with HIPAA Information and Records Management requirements expands.

In June 2005, the U.S. Department of Justice (DOJ) clarified who can be held criminally liable under HIPAA (Health Insurance Portability and Accountability Act of 1996). Covered entities and specified individuals, as explained below, whom “knowingly” obtain or disclose individually identifiable health information face a fine of up to $50,000, as well as imprisonment up to one year. Offenses committed under false pretenses allow penalties to be increased to a $100,000 fine, with up to five years in prison. Finally, offenses committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain or malicious harm permit fines of $250,000, and imprisonment for up to ten years.

In 2009, HIPAA requirements were extended to business associates of covered entities and penalties were increased for non-compliance.

What does “knowingly” mean?

The DOJ interpreted this element of the HIPAA statute for criminal liability as requiring only knowledge of the actions that constitute an offense. Specific knowledge of an action being in violation of the HIPAA statute is not required.

What do HIPAA regulations require for electronic information?

HIPAA requires that healthcare facilities take reasonable precautions to prevent a loss of medical records and information. In a digital environment, it means that a contingency plan must be in place in case of a computer emergency. If there is a loss of data, the plan must include a reasonable and effective method to restore those records, without compromising privacy.

Health organizations, and the business associates who provide services to them, must ensure that the confidentiality and integrity of the medical records are secure when in a storage capacity. Access to these digital records must be restricted by a Password / ID system that proves authorized access. Any transmission of this data must be protected by a system of encryption. These safeguards need to be documented and signed.

Does Retrievex Records Management (http://www.Retrievex.com) help your company comply with HIPAA standards?

The answer is “yes”. When you create a Disaster Recovery Plan using Retrievex Media Vault / Vital Records Protection Solutions (http://www.retrievex.com/solutions/media-management-vital...) you protect your data from being lost due to disasters (like fire, flood, viruses and human error). Here are some aspects of our service that provide you with the tools to maintain HIPAA compliance: User authentication, role-based access, data encryption, offsite storage of data in secure storage facilities and Transmission Reports.

# # #

Retrievex (http://www.Retrievex.com) specializes in customized, compliant records management and document storage solutions, delivered through information management systems designed for optimum quality and efficiency.