(775) 420-4224
Are you HIPAA compliant? Sierra Miles Group takes HIPAA Compliance seriously. We are here to help you keep your data secure. How can we help you?

Specialization in the Healthcare Industry

Although Sierra Miles Group is experienced at providing managed services to a variety of industries, we specialize in the healthcare industry. Our staff receive regular, ongoing training on the Health Insurance Portability and Accountability Act (HIPAA) regulations. We have an in-house Certified Medical Compliance Officer to provide support to our technical team in addressing the HIPAA compliance needs of our clients and ensure that Sierra Miles Group is a compliant business associate.

 What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 provides regulatory standards for the use and disclosure of protected health information (PHI), which is defined as any individually identifiable health information transmitted by electronic media, maintained in electronic media or transmitted or maintained in any other form or medium. The information becomes individually identifiable health information when identifiers are included in the same record set.

The 18 Identifiers:

  1. Names
  2. All geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census.
  3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
  4. Telephone numbers
  5. Fax numbers
  6. Electronic mail addresses
  7. Social security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers, including license plate numbers
  13. Device identifiers and serial numbers
  14. Web Universal Resource Locators (URLs)
  15. Internet Protocol (IP) address numbers
  16. Biometric identifiers, including finger and voice prints
  17. Full face photographic images and any comparable images
  18. Any other unique identifying numbers, characteristics, or codes

 HIPAA RULES

HIPAA consists of a number of different rules. The Privacy Rule sets national standards for patients’ rights with regard to PHI. A major goal of the Privacy Rule is to ensure that an individual’s health information is properly protected while still allowing for the sharing of information needed to provide high quality healthcare and to protect the public. The Security Rule sets national standards for the secure maintenance, transmission, and handling of electronic PHI (ePHI). The HIPAA Omnibus Rule is an addendum to the HIPAA regulation, extending HIPAA to Business Associates. The Breach Notification Rule is a set of standards that Covered Entities (healthcare providers, healthcare clearinghouses, and health insurance providers) and Business Associates must follow in the event of a data (PHI or ePHI) breach. The Minimum Necessary Rule (a component of the Privacy Rule) limits members of Covered Entities, Business Associates, and their Subcontractors to the minimum amount of PHI necessary to complete a given task.

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) is responsible for the enforcement of HIPAA compliance. Common causes of HIPAA violations and fines include:

  • Data breach
  • Ransomware and phishing attacks
  • Lost/stolen devices
  • Lack of policies and procedures and systems to protect PHI
  • Lack of continual HIPAA and cybersecurity training for staff
  • Lack of an assessment and remediation of an organization’s security risks in its technology and processes to safeguard against security threats

Are you HIPAA compliant? We are here to help you keep your data secure.

Reach out today to learn how we can help your business achieve HIPAA compliance.