Featured Jobs

Associate Attorney - Tax (Honolulu HI)

Free Daily News and Jobs

“BenefitsLink continues to be the most valuable resource we have at the firm.”

-- An attorney subscriber

Get the BenefitsLink app LinkedIn

By Date   |   By Company Name

View More Press Releases by Benefit Partners, Inc.

Press release:

The Other Important April Deadlines: HIPAA Privacy and Security

Issued by: Benefit Partners, Inc.

Date: Feb. 13, 2006

The Other Important April Deadlines:  HIPAA Privacy and Security

While most people are aware of the April 15th deadline that is approaching for their annual IRS personal tax returns, there are also other significant deadlines in April of this year.    There is both an upcoming HIPAA Privacy deadline and a HIPAA Security deadline in April 2006.

Many organizations have hopefully completed their HIPAA PRIVACY requirements, which were required to be completed by April 14, 2003 for large health plans, and April 14, 2004 for small health plans.   But there are important deadlines in April 2006 that companies must address.    One of the April HIPAA deadlines is: Companies that had HIPAA privacy compliance dates as of April 2003 have to resend their HIPAA privacy notices by April 14, 2006.

Additionally, many organizations have not properly addressed their HIPAA SECURITY requirements. The Security Regulation, under the Health Insurance Portability and Accountability Act ("HIPAA"), requires all covered entities ("CEs") to implement security measures to ensure the confidentiality, integrity and availability of electronic protected health information ("ePHI") that the CE creates, receives, maintains or transmits.       While the Security Regulation is consistent with the Privacy Regulation, it differs in two significant ways: First, the Security Regulation narrows the scope of focus from protected health information ("PHI") in any form to PHI in electronic form.   Second, it specifies in much greater detail the safeguards that must be implemented by CEs.   The Security Regulation consists of twenty-two standards that are organized into three categories of safeguards (administrative, physical and technical) and a set of organizational and documentation requirements. CEs must comply with all of these standards. The standards are further supported by forty-five implementation specifications, which are either "required" or "addressable." CEs must implement all "required" implementation specifications and determine what is reasonable and appropriate in their environment for the requirements that are "addressable."   

And time to do so is running short.   The deadline for large health plans (health plans exceeding more than $5 million in annual premiums or claim dollars) has already passed (April 20, 2005).    ALL other covered entities must complete their assessment and comply with the HIPAA Security Regulation by April 20, 2006.    

According to Mark Johnson, Principal at Benefit Partners, Inc. in Dallas that provides HIPAA Security consulting and compliance services, many companies do not clearly understand all the requirements and actions required, and their compliance efforts often fall short of what is actually required.   They also often underestimate the time and effort required.    In order to properly fulfill the HIPAA Security compliance requirements a company should perform each of the assessments, analysis, and action steps required and have the appropriate supporting documentation.  Benefit Partners uses a proven HIPAA Security Methodology to address the requirements.   

Benefit Partners HIPAA Security Methodology includes:

PHASE I: HIPAA Security Readiness Assessment
     Project Planning and Review of Systems and Documentation
     Operations and Process Review
     High-level Risk Overview and Information Process Mapping
     Gap Analysis and HIPAA Compliance Implementation Plan

PHASE II: Security Risk Analysis
     EPHI Inventory and Flow
     Threat Identification
     Vulnerability Identification
     Current System Controls
     Risk Likelihood
     Impact Analysis

PHASE III: HIPAA Security Implementation Assistance
     Security Officer Designation
     Business Associate Contract Drafting and Negotiations
     Security Policies and Procedures
     Plan Document Amendments and Resolutions
     Security Awareness and Training

PHASE IV: HIPAA Security Audit
     Audit security implementation for level of compliance

Have you completed all the required assessments, actions items, and documentation requirements for  HIPAA Security ?    If not, time is running out for you to meet the other upcoming April deadline.   

To learn more about this topic and how Benefit Partners can assist you, please contact Mark Johnson at 972.725.6144 or by email at mjohnson@benefit1.com.  

View More Press Releases by Benefit Partners, Inc.

This is a press release issued by the company named above. BenefitsLink is not the author. Use of any information obtained from this release is voluntary, and reliance on it should only be undertaken after an independent review of its accuracy, completeness, efficacy, and timeliness. Reference to any specific commercial product, process, or service by trade name, trademark, service mark, manufacturer, or otherwise does not constitute or imply endorsement, recommendation, or favoring by BenefitsLink.

© 2019 BenefitsLink.com, Inc.