HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is forcing medical professionals to use a standardized data exchange format and meet new privacy standards for patient information. The deadline to comply with these standards has passed . The compliance date was April 14, 2004 for Physicians and their practices.

The Centers for Medicare & Medicaid Services (CMS) is responsible for implementing various unrelated provisions of HIPAA, therefore complying with HIPAA regulations will require different actions by different practices. HIPAA requires health providers, business associates, and medical professionals to adopt standards for electronic administrative and financial transactions.

Security and Privacy

The Administrative Simplification provisions of HIPAA (Title II) require the Department of Health and Human Services to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addresses the security and privacy of health data. Adopting these standards will improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in health care.

Complying with HIPAA is challenging. Because this regulation affects many different areas, including standards for transactions, rules for data privacy/security and standards for clinical records.

HIPAA Enforcement

The Department of Health and Human Services has responsibility for HIPAA enforcement. Current enforcement is �complaint based� and under a revision for transition to investigation. The proposed rule replaces an interim enforcement rule published two years ago that primarily covered steps the government would take to impose civil fines for violations of non-privacy HIPAA rules. Many provisions of the interim rule are included in the proposed rule, but the scope of the proposed rule is much larger.

MyMDmail technology and security protocols

MyMDmail works by allowing medical professionals to communicate securely through a public network like the Internet. The MyMDmail system is a virtual private networking tool that uses Internet technology to securely share medical information and operations by utilizing unique extranet technology with well-defined security protocols within the system.

The new modules in the MyMDmail system are proprietary technology and unique to MyMDmail. While email is a component of our system, it also allows for secure document transfer and has secure email-to-fax capabilities as well as an electronic lockbox for important documents.

MyMDmail was designed as a complete electronic communication system and can establish Private Domains branded to the client. We've taken painstaking measures to protect all patient information. When our system is used properly, the levels of security not only meet HIPAA regulations but exceed their requirements as it relates to the electronic transfer of personal health information.

MyMDmail provides a way for medical professionals to exchange and track personally identifiable health information in an easy to understand format. Our system takes the worry out of HIPAA compliance issues and fulfills a great need in the medical industry. But most importantly our system ensures the privacy of the patients, who are affected the most when personal health information is not securely transmitted from one party to another.

Medical professionals and HIPAA compliance

Medical professionals are required to implement safeguards designed to protect the privacy and security of personal health information (PHI).

Medical professionals are subject to the business associate requirement set forth under HIPAA's privacy rule. They are subject to this requirement because the agent performs a function that includes the use and disclosure of PHI.

Accordingly, agents are prohibited from using or disclosing PHI in any manner that would violate the Privacy Rule if done by the provider itself. It is important to keep in mind, however, that covered entities, although not allowed to use or disclose PHI in any manner except as permitted under HIPAA, are not required to protect against any and all, known, unknown, or unlikely uses or disclosures in violation of the Privacy Rule. Safeguards must be reasonable, but not foolproof.

Electronic Communication and Transfer of PHI

HIPAA's proposed security standards (the "Security Standards") apply to PHI that is either electronically maintained or transmitted. Covered entities will be required to enter into chain of trust agreements with medical professionals when PHI is processed electronically through the transcriptionist.

Pursuant to these chain of trust agreements, agents will be obligated to maintain the integrity and confidentiality of PHI while in receipt of such information and during transmission of the same.

HIPAA falls short of mandating specific technology solutions that covered entities must implement (or require of their chain of trust partners to implement), in order to ensure the security of PHI; requiring only that covered entities implement appropriate administrative procedures, physical safeguards, and technical security services and mechanisms to guard data integrity, confidentiality, availability and to prevent unauthorized access to certain data.

Home I HIPAA Compliance I Secure Email I Secure File Transfer I Secure Fax

Private Networking I Electronic Lockbox I References I Outlook Demo

Private Label Demo I Account Options I Privacy I Disclaimer