Hipaa Compliance

The Health Insurance Portability and Accountability Act (HIPAA), became law in 1996. It requires health care providers, insurance companies and others involved in health care transactions to provide security on any system containing personal health information, store and transmit that information according to standardized rules, and place an automatic audit on files to help keep track of who should have access to them and whether those access rules have been violated. HIPAA complaints and violations that aren't fixed quickly are subject to a fine of between $100 per incident or a maximum of $25,000 per year for violation of a specific rule.

Administrators at the University of Colorado found a way to comply HIPAA to protect the integrity of electronic patient records. In addition to meeting the Privacy requirement of HIPAA, they needed a system to deal with their staff of medical professionals who move from computer to computer throughout their shifts. To be better equipped to achieve compliance, the hospital chose to use technology via a combination of a system called pcProx Sonar along with a software named eXactACCESS. When someone walks away from a workstation, a sonar device installed on the computer detects the change, and causes the computer to lock. Also, authentication via a user PIN is required. As a result, the integrity of the patient data is greatly enhanced. Doctors and nurses must pass their badge across the reader and then type their PIN. "Security access and work data is routed through eXactACCESS, bringing them right to their administrator-defined portion of the network. It allows them to log off one machine and onto another without any interruption in workflow, and their work is preserved just as they left it" (Unknown).

Health care fraud is another serious compliance issue with which the federal government continues to deal. Also an outgrowth of HIPAA, the Social Security Act section 1128C(a) of the Act created the Health Care Fraud and Abuse Control Program (HCFAC), a program to combat fraud and abuse in health care.

The Act requires that the monies recovered from health care investigations be deposited in the Medicare Trust Fund. All funds deposited in the Trust Fund as a result of the Act are available for the operations of the Trust Fund.

According to the Department of Health and Human Services and The Department of Justice Health Care Fraud and Abuse Program Annual Report for FY 2004,

"the Federal Government won or negotiated approximately $605 million in judgments and settlements.. The Medicare Trust Fund received transfers of more than $1.51 billion during this period, and an additional $99 million in federal Medicaid money was similarly transferred to the Centers for Medicare and Medicaid Services (CMS). The HCFAC account has returned over $7.3 billion to the Medicare Trust Fund since the inception of the program in 1997" (Monetary results n.d, 2005).

There are many examples of Medicare fraud. Some include: incorrect reporting of diagnoses or procedures to maximize payment, billing for services not furnished, alteration of medical