Complying With HIPAA and JCAHO Requirements
Specific security concerns are controlled access to specialized areas, supply rooms and medical carts, especially to control the access to medications, drugs, syringes, and needles.
By Rod Oden
While adhering to the usual group of local, state, and federal codes, locksmiths who work in or service hospitals, medical clinics and healthcare providers must also be aware of the additional requirements their healthcare customers must follow. In particular, hospital locksmiths should familiarize themselves with requirements set forth by the Health Insurance Portability and Accountability Act (HIPAA) and Joint Commission on Accreditation of Healthcare Organizations (JCAHO).
Health Insurance Portability and Accountability Act of 1996
HIPAA is a federal law that allows persons to immediately qualify for comparable health insurance coverage when they change jobs. It was enacted to cover the ability to move to another employer and be certain that insurance will not be denied. HIPAA also enables privacy by establishing the individual's right to decide who, when, and how any information about him or herself is disclosed; and confidentiality by obligating another to maintain the person's privacy.
The organization that has jurisdiction over HIPAA is the Department of Health and Human Services (HHS). The department has the authority to mandate standards relating to the electronic transfer of health care data. It specifies what medical and administrative code sets should be used when transferring information. Through HIPAA, it requires the use of national identification systems for health care patients, providers, payers (or plans), and employers.
The department is responsible for specifying the types of measures required to protect the security and privacy of personally identifiable healthcare information.
Originally HIPAA was introduced into law to reform insurance, not health care.
The organization seeks to create a paperless standard in which patient information is digitally stored and shared electronically among health organizations. Although it strongly recommends encryption, at this time it does not require its use when storing or transmitting patient information.
Protected Health Information (PHI) and PHI that is electronically transferred (ePHI) are terms that are used frequently when talking about HIPAA standards. PHI refers to personal patient information that can be used to identify the patient, sometimes even inadvertently. PHI includes, but is not limited to, the patient's name, address, telephone number, age, diagnosis, surgery, date of procedure, and medications.
The goal of HIPAA is to facilitate a uniform paperless standard by 2015. Its current posture relies on getting the standards out to all those concerned and on self-compliance with the regulations.
There are both civil and criminal penalties associated with NOT following the HIPAA guidelines and releasing patient information. The penalties vary based on whether the information was inadvertently or deliberately released, as well as the type of information released.
Specific security concerns regarding HIPAA are: controlling access to medical records and accountability to ensure patient privacy.
Regarding direct fines and citations, hospitals (especially) pay more attention to another set of standards…
Joint Commission on Accreditation of Healthcare Organizations
The Centers for Medicaid & Medicare Services (CMS) governs all activity relating to the nation's Medicare and Medicaid programs. All healthcare organizations that accept Medicare and Medicaid payments are required to comply with federal standards called “Conditions of Participation” (COPs).
HHS (see HIPAA above) also uses COPs regarding HIPAA standards.
Since 1965, CMS has empowered JCAHO (pronounced “jay-co”) to accredit and enforce COP compliance. JCAHO evaluates and accredits more than 18,000 healthcare organizations and programs.