Network Computing is part of the Informa Tech Division of Informa PLC


Feds Reach Out and Touch IT

Title I of HIPAA protects health-insurance coverage for workers and their families. Title II deals with administrative simplification and puts HHS in charge of national standards for electronic health-care transactions and national identifiers for providers, health plans and employers. And for IT, it establishes regulations to ensure the security and privacy of electronic health-care information.

HIPAA applies to health plans, such as HMOs, Medicare and state Medicaid programs, and health-care clearinghouses that process electronic health-care information. Under the administrative simplification requirements, size does not matter. If a provider transmits, for example, health-care claims, eligibility and enrollment information, referrals and authorizations for health care, or payment and remittance advice in electronic form, it is subject to the requirements.




HIPAA in a Nutshell


Final privacy rules for all but the smallest organizations went into effect on April 14, 2003. For the most part, the rules deal with notifying patients about their privacy rights, training employees to understand privacy procedures, and designating an individual who is responsible for adopting and implementing privacy procedures. But there are sections of the privacy rule that drive the security rules, particularly the definition of PHI and the securing of patient records containing it.

If you define PHI as a patient medical record in any format, paper or electronic, you would not be wrong. But it can be more or less than that, depending on who collects it and what it contains. PHI is any health information collected by a covered entity that identifies an individual and relates to his or her physical or mental health condition, past, present and future. For IT, PHI does not lose its character when stored or transmitted in electronic format. This is true even where the covered entity contracts with third-party business associates to perform essential functions.

HIPAA does not give HHS authority to regulate other types of private businesses or public agencies outside of the health-care industry. For example, the regulations do not apply to employers, life-insurance companies or some public agencies that deliver government benefits, like Social Security and welfare. Note also that electronic media does not include paper-to-paper facsimile equipment or voice-to-voice telephones. Videoconferencing and voicemail systems also are excluded because these technologies are secure point-to-point transmissions with privacy protections in federal and state wiretap laws.