In your company’s alphabet soup of necessary abbreviations, you should already have reserved a spot for PHI: protected health information. Seven years after the passage of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), this month marks the deadline by which employers and health-care providers must have safeguards in place to protect data on an individual’s physical or mental health, method of payment and personal identifiers such as Social Security numbers.
For at least one health-care services firm, Meridian Health Care Management of Woodland Hills, Calif., compliance with HIPAA’s privacy statute “was a daunting administrative task,” says Director of Corporate Compliance Richard Robinson. For technologically advanced firms, the focus is on electronic data and finding potential leaks. One unexpected locus of potential leaks is the customer-service help desk and what Robinson calls “one of the most overlooked areas: controlling the trash.”
Other items on the HIPAA privacy checklist:
*Applies to companies that pay out more than $5M in annual medical claims or insurance premiums; smaller firms have until April 14, 2004. For more details, see www.baselinemag.com/apr03