Helping with your Compliance
The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 have established tough standards for security within the Healthcare industry.
These new standards are aimed at protecting Electronic Health Records (EHR), Personal Health Records (PHR), and Protected Health Information (PHI). Hospitals, clinics and other healthcare providers are now directly responsible for security violations occurring within their or their business associates’ organizations.
HIPAA and HITECH include various requirements that are often grouped into two main categories:
- Security Rules
- Privacy Ruless
Security Rules describe how healthcare providers should protect access to sensitive information, such as PHR or PHI. Privacy Rules determine patients’ rights to confidential treatment of their health-related information and specify the duties healthcare providers have to ensure such confidentiality.
The consequences of not complying with HIPAA or HITECH are significant. These may include civil and criminal charges, fines, obligations to notify the public or even the media of the incidents, and more. In some cases, these fines have been substantial. For example, in February of 2011 a $4.3 million penalty was imposed against Cignet Health in Prince George County, Maryland, for violating HIPAA patient access rights. But individuals are also liable as Dr. Richard Kaye of Virginia recently found out. On June 21, 2011 he was indicted on three counts of HIPAA violations. If convicted, under § 1320d-6(b)(2), Dr. Kaye could face a fine of up to $100,000 and up to five years in jail
Because this legislation anticipates a massive expansion in the exchange of electronic protected health information (ePHI), the HITECH Act also widens the scope of privacy and security protections available under HIPAA; it increases the potential legal liability for non-compliance; and it provides for far more enforcement.
To avoid the potential pitfalls of this more stringent regulatory, Zvetco Biometrics provides the key ingredients that enable any Healthcare institution to reduce costs, increase speed/efficiency and achieve compliance with all current and future regulations. Among these are:
- Biometric identification of employees with a history of insider fraud or other criminal activities – Biometric enrollment for employees is much easier as it can be accomplished as part of the hiring process by Human Resources or performed locally at branches using the same equipment as for customer enrollment. Further, employee identification can be used in conjunction with a fraudster database as part of the financial institution’s background check to ensure that new hires are not previously identified fraudsters.
- Shifting the organization’s reliance away from passwords and tokens – This reduces the high risk associated with passwords and the danger of credential or token sharing (biometrics, unlike passwords or tokens can’t be shared) to enable employees to gain access to resources to which they don’t have the authorizations or entitlements.
- Efficient employee authentication for automatic password and/or account reset, helping to greatly reduce help desk costs.
- Employee verification for a higher degree of authenticity, strengthening the organization’s access control practices, which reduces regulatory liability
- Insider threat deterrent – Biometrics can be used to better track employees to ensure that only the properly authorized individuals are performing their duties during the appropriate times at the appropriate locations. Biometrics also makes one think twice before attempting a fraud.
Zvetco’s tools provide the key authentication ingredient in delivering the required security to meet and exceed HITECH requirements. When mated to one of our waterproof readers, which allow for frequent disinfecting daily they create a simple, germ-free way to lock down desktops, laptops, networks, web applications and the electronic health records of all patients. Most important, Zvetco’s technology enables healthcare organizations to qualify for lucrative federal funds to subsidize their investments in this technology.