Do HIPAA Laws Apply to Pharmacies

One of the requirements of the Drug Enforcement Administration's rule on electronic prescriptions for controlled substances (21 CFR Parts 1300, 1304, 1306, and 1311) is that the prescribing physician must sign the prescription using a two-factor authentication protocol. The permitted factors are two of the following: (1) a password, (2) biometrics, (3) a hard token (either a cryptographic module or a one-time password device). In addition, under the preliminary final rule, practitioners will have the option to use a private cryptographic key to digitally sign the prescription. The pharmacy software must then apply a public key to decrypt the prescription and thus confirm the identity of the prescribing doctor. The associated digital certificate must be obtained from a certificate authority that is jointly certified with the federal PKI guideline authority. The private key associated with the digital certificate must be stored on a hard token.

Many states have stricter privacy rules than HIPAA, especially in the areas of behavioral health, human immunodeficiency virus, substance abuse, and genetic information.
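The prescription-signing requirement described above (two-factor authentication, then a private-key signature that the pharmacy checks with the public key), as an added Node.js example that is not from the original article or the DEA rule. The function names, record fields and in-memory key pair are assumptions; validation of the prescriber's certificate against the issuing certificate authority is assumed to happen separately.

```javascript
const nodeCrypto = require('node:crypto');

// The three factor types the page lists; two different ones are required.
const PERMITTED_FACTORS = new Set(['password', 'biometric', 'hard_token']);

function twoFactorSatisfied(factors) {
  const distinct = new Set(factors.filter((f) => PERMITTED_FACTORS.has(f)));
  return distinct.size >= 2;
}

// Serialize with sorted keys so signer and verifier process identical bytes
// (flat objects only; nested records would need a recursive canonical form).
function canonicalize(rx) {
  return Buffer.from(JSON.stringify(rx, Object.keys(rx).sort()), 'utf8');
}

// Prescriber side: refuse to sign unless two-factor authentication succeeded.
function signPrescription(rx, factors, privateKey) {
  if (!twoFactorSatisfied(factors)) {
    throw new Error('two-factor authentication not satisfied');
  }
  return nodeCrypto.sign('sha256', canonicalize(rx), privateKey).toString('base64');
}

// Pharmacy side: any change to the record, or a wrong key, makes this false.
function verifyPrescription(rx, signatureB64, publicKey) {
  const signature = Buffer.from(signatureB64, 'base64');
  return nodeCrypto.verify('sha256', canonicalize(rx), publicKey, signature);
}

// Constructed sample data. The key pair is generated in memory as a stand-in
// for a hard-token key and its CA-issued certificate (assumption).
function demo() {
  const prescriber = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const other = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const rx = { patient: 'Constructed Patient', drug: 'EXAMPLE-DRUG 5 mg', quantity: 30 };
  const sig = signPrescription(rx, ['password', 'hard_token'], prescriber.privateKey);
  return {
    genuine: verifyPrescription(rx, sig, prescriber.publicKey),
    alteredQuantity: verifyPrescription({ ...rx, quantity: 90 }, sig, prescriber.publicKey),
    wrongKey: verifyPrescription(rx, sig, other.publicKey),
  };
}

console.log(demo());
```

A pharmacy system would reject the prescription whenever verification returns false, and would also confirm that the certificate carrying the public key is valid and unrevoked before trusting the result.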

There are other federal rules that are stricter than HIPAA, such as the federal regulations that govern drug treatment cases. There is also a federal rule that governs the use of Medicaid information. HIPAA does not preempt stricter state rules. Therefore, in addition to HIPAA, pharmacies should know their own state rules and always follow the strictest rule. In some cases, a state law may require the patient's specific consent to disclose certain types of information.

Privacy and security are essential to ensuring that health information technologies adequately serve patients and protect their health data. To achieve these goals, the Health Insurance Portability and Accountability Act (HIPAA) establishes federal minimum standards for the privacy and security of protected health information (PHI). HIPAA applies to organizations and individuals who file claims electronically; since the vast majority of pharmacies and pharmacists file claims electronically, they fall under HIPAA privacy and security rules. Covered entities have a number of legal obligations under both regulations.

Among other things, HITECH requires covered entities implementing an EHR to provide an audit trail for all information disclosures. At present, it is not clear how the term electronic health record is defined in this context.

HITECH also requires covered entities to provide the patient, upon request, with electronic copies of PHI that is kept in an EHR. To this end, the proposed rule defines an EHR very broadly, as any electronic record. If this provision is maintained in the final regulations, pharmacies must provide patients with electronic copies of their computer records upon request. In addition, covered entities must comply with an individual's request not to share data with a health plan if the person pays the full cost of the service.

In summary, a variety of federal regulations, including the HIPAA Privacy and Security Rules, HITECH and the associated proposed rule, as well as the DEA's preliminary final rule for electronic prescribing of controlled substances, are paving the way for the adoption of health information technology while maintaining the confidentiality and security of patient data and prescriptions. A number of technical advances, including strong encryption algorithms and digital certificates, hold promise as tools to implement many of the provisions of these rules. Pharmacists and pharmacy managers should familiarize themselves with these concepts, as most pharmacists and pharmacies fall under HIPAA and are held responsible for complying with various federal regulations.

Staff Training – All pharmacy employees must comply with HIPAA rules, as must volunteers and interns who come into contact with PHI. All employees must be trained and informed about the HIPAA rules that apply to them and what constitutes PHI. HIPAA training should be delivered as soon as possible, with regular refresher training. Pharmacies must also provide security awareness training to staff.

HIPAA, which has been updated several times since the original legislation was passed, imposes strict privacy protections. These rules apply in your neighborhood pharmacy just as they do in a teaching hospital. Prescription and billing records, as well as any information collected by pharmacists about individual patients, are all subject to HIPAA. Since almost all pharmacies submit payment requests electronically, they must comply with HIPAA patient privacy rules. A patient cannot use a HIPAA violation as a direct cause of action in a privacy action. HIPAA creates a right to privacy, not a right to sue.

However, if a HIPAA violation occurs due to a breach of duty, negligence, or professional misconduct, such cases may be initiated under state law. Prior to HIPAA, it was common for a pharmacist or employee to access the medical or prescription records of a family member or friend out of concern, or to access the records of a patient involved in a messaging incident. These are violations of applicable laws, and in accordance with your covered entity's HIPAA policy, they may result in immediate termination.

Provide patients with copies of their PHI – The HIPAA Privacy Rule gives patients the right to receive copies of their PHI upon request. While this right is generally exercised with health care providers, pharmacies are also required to provide copies of an individual's medication records upon request.

The Health Insurance Portability and Accountability Act, commonly known as HIPAA, established rules for healthcare in the United States. Congress passed HIPAA in 1996 (when people were still calling the Internet the World Wide Web and Amazon only sold books), making it one of the first privacy laws in the country.

Protect PHI at all times – One of the most important aspects of HIPAA compliance for pharmacies is to ensure that safeguards are in place to protect the confidentiality, integrity, and availability of physical and electronic PHI. Pharmacies can decide on the best protective measures to implement, with decisions guided by the results of the risk analysis.

The combined text of the HIPAA rules published by the Department of Health and Human Services' Office for Civil Rights is 115 pages long, so covering all elements of HIPAA compliance for pharmacies would be beyond the scope of this article; however, some of the key elements of HIPAA compliance for pharmacies have been described above.
