HIPAA - ARRA Records Compliance with iGuard

Print
PDF

HIPAA.7iGuard enables HIPAA Compliance by protecting and logging access to your facility, (PHI) Patient Records Rooms, and Pharmaceutical Samples Storage. 

The iGuard solution works well for physicians, optometrists, clinics and other small to medium sized medical facilities.  Additionally, the smart card used by the iGuard system may be used as an ID Badge.

What is HIPAA?

HIPAA is known as the Health Insurance Portability and Accountability Act which was enacted into law in in 1996.  HIPAA is composed of two parts or "Titles":

Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs.

Title II of HIPAA, the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.

How Does Biometrics Fit into HIPAA Compliance?

Biometric verification of identity is a component part of the Technical Security Services to Guard Data Integrity, Confidentiality, and Availability and is one of the required and most easily implemented Unique User Identification methods (including Secure Password, Biometric, PIN, Token and Telephone Call Back)

Each organization would be required to implement entity authentication, which is the corroboration that an entity is who it claims to be. Authentication (Verification) would be important to prevent the improper identification of an entity who is accessing secure data. The following implementation features would be used:

  • Automatic log off.
  • Unique user identification. (VERIFICATION = Multi-Factor Authentication of Identity)

In addition, at least one of the following implementation features would be used:

  • A biometric identification system.
  • A password system.
  • A personal identification number (PIN).  (Weak Authentication)
  • Telephone callback. (Staffing and maintenance verification)
  • A token system which uses a physical device for user identification. (Smart Card, PKI, or other Certificate)

How does iGuard support HIPAA Compliance?

Resources to help comply with the regulatory requirements of the
Health Insurance Portability and Accountability Act (HIPAA) of 1996.

HIPAA.6

As healthcare facilities, providers, insurers and business partners endeavor to deal with HIPAA statutory requirements, many organizations are realizing that their current policies and equipment are ill-equipped to deal with the depth and breadth of issues this sweeping legislation mandates.

Organizations looking to provide the most secure, uniquely identifiable end-user authentication while providing the best in patient and staff experience are looking to Biometrics for the solution.

Biometrics is the process of taking uniquely identifiable data and using this data to authenticate end user access to facilities and data. Unlike other methods of authentication, Biometrics are nearly impossible to falsify.

Of all current biometric technologies, fingerprint data is the easiest and least invasive method of authentication.  

Fingerprint identification has been used since the 1800’s for reliable verification of an individuals identity. Current technology takes a picture of the fingerprint characteristics and converts the image into “minutia” or data. This data is then compared against a known sample and is then either authenticated or rejected. The actual “fingerprint” is not stored, only the electronic interpretation of the data.  iGuard stands alone in the price/performance category for protecting physical PHI records in your clinical environment

 Unparalleled ROI and Benefits

The iGuards level of pricing and security will give you 12-24 month ROI on your new biometric network security based upon established industry figures:

Our Mission is to provide innovative Biometric solutions for Healthcare, Federal and Corporate customers.

Working with the industry leaders in Biometric products and software, ASG's iGuard, BioCert and partner solutions can either be used for either a stand alone or fully networked application.

HIPAA Links on the Web

HIPAA Information For Consumers

Understanding Patient Safety Confidentiality

The regulation implementing the Patient Safety and Quality Improvement Act of 2005 (PSQIA) was published on November 21, 2008, and became effective on January 19, 2009.  View the Patient Safety Rule  (42 C.F.R. Part 3).

PSQIA establishes a voluntary reporting system to enhance the data available to assess and resolve patient safety and health care quality issues. To encourage the reporting and analysis of medical errors, PSQIA provides Federal privilege and confidentiality protections for patient safety information called patient safety work product. Patient safety work product includes information collected and created during the reporting and analysis of patient safety events.

Health care workers and X-rays   The confidentiality provisions will improve patient safety outcomes by creating an environment where providers may report and examine patient safety events without fear of increased liability risk.  Greater reporting and analysis of patient safety events will yield increased data and better understanding of patient safety events.

OCR works in close collaboration with the Agency for Healthcare Research and Quality (AHRQ) which has responsibility for listing patient safety organizations (PSOs), the external experts established by the Patient Safety Act to collect and analyze patient safety information.

Learn more about PSQIA and the Patient Safety Rule and OCR's Delegation of Authority.

General HIPAA Privacy Rule and PSQIA Rules Background Information

HIPAA Rule:

  • What is the Privacy Rule and why has HHS issued regulations? [PDF - 45KB]
  • Privacy Rule Summary [PDF - 372KB] [RTF - 738KB]

PSQUIA Standard

Patient Safety and Quality Improvement Act of 2005 Statute and Rule

Statute

The Patient Safety and Quality Improvement Act of 2005 (PSQIA) establishes a voluntary reporting system designed to enhance the data available to assess and resolve patient safety and health care quality issues.  To encourage the reporting and analysis of medical errors, PSQIA provides Federal privilege and confidentiality protections for patient safety information, called patient safety work product.  PSQIA authorizes HHS to impose civil money penalties for violations of patient safety confidentiality.  PSQIA also authorizes the Agency for Healthcare Research and Quality (AHRQ) to list patient safety organizations (PSOs).  PSOs are the external experts that collect and review patient safety information.

Learn more about PSQIA and read the statute.

Implementing Regulations

The Patient Safety Rule implements select provisions of PSQIA.  

Subpart C of the Patient Safety Rule establishes the confidentiality provisions and disclosure permissions for patient safety work product and the enforcement procedures for violations of confidentiality pursuant to section 922 of the statute.  OCR enforces these confidentiality protections.

AHRQ lists patient safety organizations pursuant to section 924 of PSQIA and has responsibility for common formats and network of patient safety databases pursuant to section 923.

Learn more about the Patient Safety Rule and read the regulations.

For more details about AHRQ's activities, visit the AHRQ PSO web site.

HIPAA Regulations & Standards

Other Medical Links on the Web

JCAHO - Joint Commission on Accreditation of Healthcare Organizations

The Joint Commission evaluates and accredits nearly 18,000 health care organizations and programs in the United States. An independent, not-for-profit organization, JCAHO is the nation's predominant standards-setting and accrediting body in health care. Since 1951, JCAHO has developed state-of-the-art, professionally based standards and evaluated the compliance of health care organizations against these benchmarks.

JCAHO's evaluation and accreditation services are provided for the following types of organizations:

  • General, psychiatric, children's and rehabilitation hospitals.
  • Health care networks, including Health Maintenance Organizations (HMOs), Integrated Delivery Networks (IDNs), Preferred Provider Organizations (PPOs), and managed behavioral health care organizations.
  • Home care organizations, including those that provide home health services, personal care and support services, home infusion and other pharmacy services, durable medical equipment services and hospice services.
  • Nursing homes and other long term care facilities, including sub-acute care programs, dementia programs and long term care pharmacies.
  • Assisted living facilities that provide or coordinate personal services, 24-hour supervision and assistance (scheduled and unscheduled), activities and health-related services.
  • Behavioral health care organizations, including those that provide mental health and addiction services, and services to persons with developmental disabilities of various ages, in various organized service settings.
  • Ambulatory care providers, including outpatient surgery facilities, rehabilitation centers, infusion centers, group practices and others.
  • Clinical laboratories.

JCAHO accreditation is recognized nationwide as a symbol of quality that reflects an organization's commitment to meeting certain performance standards. To earn and maintain accreditation, an organization must undergo an on-site survey by a JCAHO survey team at least every three years. Laboratories must be surveyed every two years.

The Patient Safety Rule

The Patient Safety Rule, published in the Federal Register on November 21, 2008, effective on January 19, 2009, is codified at 42 C.F.R. Part 3 (73 FR 70732).  The Patient Safety Rule implements select provisions of PSQIA.

OCR has responsibility for interpreting and implementing the confidentiality protections described in Subpart C and the enforcement provisions described in Subpart D.

AHRQ has responsibility for listing and delisting of patient safety organizations (PSOs) described in Subpart B.

Health care professionals   Subpart Adefines essential terms, such as patient safety work product, patient safety evaluation system, and PSO.

Subpart B provides the requirements for listing PSOs.  These entities offer their expert advice in analyzing the patient safety events and other information they collect or develop to provide feedback and recommendations to providers.

Subpart C describes the privilege and confidentiality protections that attach to patient safety work product and the exceptions to the protections.


Subpart Destablishes a framework to enable HHS to monitor and ensure compliance with the confidentiality provisions, a process for imposing a civil money penalty for breach of the confidentiality provisions, and hearing procedures.

Read the Patient Safety Rule (73 FR 70732, Nov. 21, 2008).

Read the Patient Safety Notice of Proposed Rulemaking (73 FR 8112, Feb. 12, 2008).


Artemis Solutions Group (ASG Global) sites are best viewed at minimum 1280x1024 or 1440x900 Resolution
All ASG Global sites employ the use of Session Cookies, Adobe Flash, Sun Javascript and our Download Files use Adobe Acrobat
Contact Us at - 1-866-53-SMART  (866-537-6278)TOLL FREE or +1 206-973-2137 - Pacific Time UMT-8