Enacted into law in 1996, the Health Insurance Portability and Accountability Act (HIPAA) issued regulations relating to the management of medically sensitive documents. The Privacy Rule became effective on April 14, 2003, while the Security Rule deadline was April 21, 2005.
HIPAA affects any organization that creates, receives or maintains healthcare information, including hospitals, health maintenance organizations and healthcare insurers. HIPAA requires that Protected Health Information (PHI) be kept secure for at least six years, or two years after a patient's death. This includes patient medical records, billing records, authorization forms from physicians and all communications between physicians.
Under the act, Business Records Management is considered a "Business Associate." Be assured that we have taken every precaution and followed every guideline to ensure strict adherence to these mandates at all levels of our organization.
HIPAA noncompliance can have devastating consequences. Organizations are exposed to severe fines and penalties, as well as litigation and negative publicity. Noncompliance can result in the following:
- Civil fines of up to $25,000 a year
- Criminal penalties reaching $250,000 and up to ten years in prison
HIPAA compliance not only involves direct medical providers (doctors, hospitals, dentists, etc.), but also includes any firm paid through billing of medical insurance, Medicare, or state medical programs. This can include medical billing firms, ambulance services, medical taxi services, and medical supply companies (serving the patient).