Aurora Enterprises
Aurora Enterprises: Understanding HIPAA Compliance

This paper discusses how the Aurora portfolio of security solutions can help enterprises meet HIPAA requirements.

Executive Summary
Different industries have different regulatory requirements regarding the security of the sensitive information in their care. For healthcare providers, those requirements have been established by HIPAA, the Health Insurance Portability and Accountability Act, which created national standards for the storage, protection and transmission of protected health information.

Aurora Enterprises works with our clients' staff, and within their budget, to implement state-of-the-art data security and compliance solutions that satisfy HIPAA requirements and provide a safe and secure process from beginning to end.

Overview
For more than a decade, computers have served as the information center of every type of business in every type of industry. The medical profession is no exception.

However, just as the widespread use of computers can improve the efficiency and accuracy of how information is stored and transmitted, it creates new vulnerabilities as well. The confidentiality of medical records is sacrosanct, yet an attacker who gains access to a physician's or a hospital's IT system can steal one record or 1,000, and can copy them to a storage device small enough to be concealed in a pocket.

HIPAA, the Health Insurance Portability and Accountability Act of 1996, is a set of rules enacted by the US federal government to be followed by doctors, hospitals, health plans and other covered entities. HIPAA was created to ensure that medical records, billing, and patient accounts meet consistent, stringent standards with regard to documentation, handling and privacy. HIPAA also gives patients the right to access their medical records and to be told how their personal information is shared and used. Other provisions require that patients be notified of an organization's privacy practices.

The provisions have led to extensive overhauling of medical records and billing systems, as no doctor or hospital wants to risk the penalties of non-compliance. Criminal penalties for knowingly obtaining or disclosing protected health information can reach a fine of $250,000 and/or imprisonment for up to 10 years at the most serious tier (intent to sell the information or to use it for commercial advantage, personal gain or malicious harm).

What is HIPAA?
Those who say the wheels of government turn slowly could use HIPAA to support their argument. Often called the Kennedy-Kassebaum Act after its Senate sponsors, HIPAA amended the Internal Revenue Code of 1986 and other federal statutes and was signed into law on August 21, 1996. Its Administrative Simplification rules then took effect in stages: the Privacy Rule compliance date was April 14, 2003 (April 14, 2004 for small health plans), and the Security Rule compliance date was April 20, 2005 (April 20, 2006 for small health plans).

It's fair to say that those impacted by HIPAA had sufficient time to prepare. However, as with any government legislation, it can be difficult to wade through the legalese and uncover the specific mandates that must be addressed in the day-to-day operations of every doctor's office, clinic, hospital and health care provider.

This white paper from Aurora is designed to help those in the medical profession become better informed about this important subject.

HIPAA has three main objectives: insurance reform, improved accountability, and administrative simplification. The last of these is the most significant for IT, as it mandates standards for conducting electronic data transactions in a confidential and secure manner. HIPAA's Administrative Simplification provision consists of four parts, each of which has generated a variety of rules promulgated by the Department of Health and Human Services.

The four parts of Administrative Simplification are:

• Standards for Electronic Transactions
• Unique Identifiers Standards
• Security Rule
• Privacy Rule

1. Standards for Electronic Transactions
In the past, different health providers transacted business using different electronic formats. The implementation of a single national standard format is intended to improve the efficiency of transactions nationwide.

Virtually all health plans must adopt this standard, or contract with a clearinghouse to provide translation services. Health organizations must also adopt standard code sets that describe diseases, injuries, and other health problems, to reduce errors and duplication of effort.

2. Unique Identifiers for Providers, Employers, and Health Plans
Healthcare organizations have previously used different identification formats when conducting business. The Employer Identifier Standard, published in 2002, adopts an employer's tax ID number, the employer identification number (EIN), as the standard for electronic transactions. Hospitals, doctors, nursing homes, and other healthcare providers are also required to obtain a unique identifier, the National Provider Identifier (NPI), for use when filing electronic claims with public and private insurance programs.

3. Security Rule
The Security Rule requires covered entities to ensure the confidentiality, integrity, and availability of all electronic protected health information (ePHI) that they create, receive, maintain or transmit. It also requires protection against reasonably anticipated threats to that information, and against reasonably anticipated uses or disclosures that are not permitted by the Privacy Rule (see below). The Rule groups its safeguards into three categories: administrative safeguards (risk analysis, policies and procedures, workforce training, sanctions), physical safeguards (facility, workstation and device controls), and technical safeguards (access control, audit controls, integrity protection, authentication and transmission security for networks, computers and electronic devices). The Rule is technology-neutral: it states what must be protected and against what, not which products to use.

4. Privacy Rule
Arguably the most significant and sweeping advance enacted by HIPAA, the Privacy Rule was created to restrict access to and protect the privacy of all individually identifiable health information collected and stored by covered entities. It limits most uses and disclosures of protected health information to the minimum necessary for treatment, payment and healthcare operations, and establishes new requirements for access to records by researchers and others.

To satisfy the Privacy Rule, healthcare providers are required to implement a comprehensive compliance program that includes a gap assessment to determine where existing information practices and policies fall short of HIPAA requirements, and the implementation of privacy policies and procedures that comply with the Rule. Additional workforce training and system updates may also be required.

Who Is Impacted?
Any healthcare provider that electronically stores, processes or transmits medical records, medical claims, remittances, or certifications must comply with HIPAA regulations. The covered entities are health plans, healthcare clearinghouses and such providers; public health authorities fall within the rules when they act as health plans or providers. Organizations that handle protected health information on a covered entity's behalf, such as information systems vendors, various service organizations and universities, are bound through business associate agreements with the covered entity.

However, while HIPAA requires compliance, the legislation does not specify how this compliance is to be achieved. This is where the services and expertise of a company that specializes in IT security can pay significant dividends.

Achieving HIPAA Compliance
Since HIPAA requires detailed reporting and an audit trail to demonstrate compliance, Aurora will make certain companies have the means to collect, aggregate and correlate the access and security logs of the systems that hold medical data, and to view and distribute the resulting reports easily.
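As an added illustration of what "collect, aggregate and correlate" an ePHI audit trail means in practice (this is example code written for this paper, not Aurora's product), the script below parses constructed electronic-health-record access-log lines and flags the patterns an auditor looks for under the Security Rule's audit controls and the Privacy Rule's minimum-necessary standard: access to a patient with whom the user has no recorded treatment or business relationship, after-hours access, bulk record viewing within one hour, and record exports. The log format, the field names, the business-hours window, the bulk threshold and the relationship table are all assumptions for the example.

```python
"""Added example: correlating constructed EHR access-log lines into a
HIPAA-style audit report. Not Aurora's code; the log format, field names,
thresholds and the relationship table below are assumptions."""
from collections import defaultdict
from datetime import datetime, time

# Constructed sample log (not real data). Assumed format, one event per line:
# ISO timestamp | user id | role | action | patient id
SAMPLE_LOG = """\
2007-03-05T09:12:41 | drjones  | physician | VIEW   | P1001
2007-03-05T09:14:02 | drjones  | physician | VIEW   | P1002
2007-03-05T11:30:15 | nurse_k  | nurse     | VIEW   | P1001
2007-03-05T12:02:33 | billing1 | billing   | VIEW   | P1003
2007-03-05T22:45:09 | temp_adm | admin     | VIEW   | P1004
2007-03-05T22:45:21 | temp_adm | admin     | VIEW   | P1005
2007-03-05T22:45:33 | temp_adm | admin     | VIEW   | P1006
2007-03-05T22:45:47 | temp_adm | admin     | EXPORT | P1007
2007-03-06T08:05:10 | drjones  | physician | VIEW   | P1008
"""

# Assumed treatment/business relationships: patients each user may access.
# In a real deployment this would come from scheduling or billing systems.
RELATIONSHIPS = {
    "drjones": {"P1001", "P1002"},
    "nurse_k": {"P1001"},
    "billing1": {"P1003"},
    "temp_adm": set(),
}

BUSINESS_HOURS = (time(7, 0), time(19, 0))  # assumed clinic hours
BULK_THRESHOLD = 3                          # distinct patients per user per hour


def parse_log(text):
    """Parse the pipe-delimited log into event dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, action, patient = [f.strip() for f in line.split("|")]
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "role": role, "action": action, "patient": patient})
    return events


def audit(events, relationships=RELATIONSHIPS):
    """Return a list of (finding, user, detail, when) tuples.

    Per-event checks run as the log is read; the bulk-access check is a
    correlation across events, so it runs after the whole log is aggregated.
    """
    findings = []
    per_hour = defaultdict(set)  # (user, hour) -> distinct patients touched
    for e in events:
        when = e["ts"].isoformat()
        if e["patient"] not in relationships.get(e["user"], set()):
            findings.append(("no_relationship", e["user"], e["patient"], when))
        if not (BUSINESS_HOURS[0] <= e["ts"].time() <= BUSINESS_HOURS[1]):
            findings.append(("after_hours", e["user"], e["patient"], when))
        if e["action"] == "EXPORT":
            findings.append(("export", e["user"], e["patient"], when))
        per_hour[(e["user"], e["ts"].strftime("%Y-%m-%dT%H"))].add(e["patient"])
    for (user, hour), patients in per_hour.items():
        if len(patients) >= BULK_THRESHOLD:
            findings.append(("bulk_access", user, f"{len(patients)} patients", hour))
    return findings


def summarize(findings):
    """Count findings by type, the shape a compliance report would present."""
    counts = defaultdict(int)
    for kind, *_ in findings:
        counts[kind] += 1
    return dict(counts)


if __name__ == "__main__":
    report = audit(parse_log(SAMPLE_LOG))
    for finding in report:
        print(" | ".join(str(x) for x in finding))
    print("summary:", summarize(report))
```

Run as a script it prints each finding and a summary. The point of the design is the difference between the per-event checks, which any log viewer can do, and the bulk-access check, which only falls out of aggregating events by user and hour; the temporary administrator in the sample data triggers both, and the physician's single out-of-relationship view on the second day shows why the relationship table, not just the role, has to be part of the correlation.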

With Aurora, companies can achieve real-time security assessment and reporting, and an effective, repeatable security audit process. We provide more efficient ways to send confidential medical information between users inside and outside the company, while making certain the information is protected every step of the way. Aurora provides end-to-end content encryption, username and password protection, and tracking and auditing of email, so that the confidentiality and integrity of internal and external communication are protected.
           
By working with top-tier data security partners to implement the technologies that secure enterprises economically, Aurora Enterprises can help companies achieve HIPAA compliance in an efficient and affordable manner.

Conclusion
Demonstrating compliance with HIPAA is about following best practices, which is in the best interests of both consumers and providers.

Aurora Enterprises is a leading California-based IT Solutions Provider specializing in data security and compliance solutions. The company’s expertise in messaging security and encryption solutions has earned Aurora an excellent reputation amongst security vendors and corporate clients.

A secure infrastructure is an essential step in the establishment of a successful medical practice. Aurora Enterprises examines every aspect of a healthcare provider's IT and provides a safe and secure process from beginning to end. We'll work directly with you and your staff to create a reliable HIPAA implementation program.

For more information about any of Aurora Enterprises’ products or services, please call 310-530-8260 or visit http://www.auroraent.com.

Copyright 2007 © All rights reserved.