Simply powerful special education software.

SpEd Forms and HIPAA

Summary of HIPAA Privacy and Security Guidelines

The Department of Health and Human Services final rule adopts standards for privacy and security. This rule establishes a level of protection for electronic health information and implements some of the requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Compliance Deadlines (Except for those who have filed for an extension)

  • Electronic Health Care Transactions and Code Sets: 10/16/02 (10/16/03 for Small Health Plans*)
  • Privacy Standards: 4/14/03 (4/14/04 for Small Health Plans*)
  • Security Standards: 4/20/05 (4/20/06 for Small Health Plans*)
  • National Provider Identifier: 5/23/07 (5/23/08 for Small Health Plans*)

Health Insurance Reform: Security Standards
The Department of Health and Human Services (HHS) Medicare Program, other Federal agencies operating health plans or providing health care, State Medicaid agencies, private health plans, health care providers, and health care clearinghouses must assure their customers (for example, patients, insured individuals, providers, and health plans) that the integrity, confidentiality, and availability of electronic protected health information they collect, maintain, use, or transmit is protected.
Relationship to Privacy Standards
Covered entities must implement privacy standards by April 14, 2003 (April 14, 2004 for Small Health Plans*). The implementation of privacy standards reduces the cost of implementing the security standards in two significant areas.

  • First, substantial efforts have been made to ensure that the many requirements in the security standards parallel those for privacy, and can easily be satisfied using the solutions for privacy.
  • Second, it is likely that covered entities will meet a number of the requirements in the security standards through the implementation of the privacy requirements.

As a result, covered entities that have moved forward in implementing the privacy standards are also implementing security measures at the same time.

Factors in Establishing the Security Standard
Because there is no national security standard in widespread use throughout the industry, adopting any of the candidate standards would require most health care providers, health plans, and health care clearinghouses to at least conduct an assessment of how their current security measures conform to the new standards. However, HHS assumes that most, if not all, covered entities already have at least some rudimentary security measures in place. Covered entities that identify gaps in their current measures would need to establish or revise their security precautions. It is also important to note that the standards specify what goals are to be achieved, but give the covered entity some flexibility to determine how to meet those goals. Some large health plans, health care providers, and health care clearinghouses that currently exchange health information among trading partners may already have security systems and procedures in place to protect the information from unauthorized access and may not need to incur significant costs to meet the security standards. And while small providers are not likely to have implemented sophisticated security measures, they are also not as likely to need them as larger covered entities. The scalability principle allows providers to adopt measures that are appropriate to their own circumstances.

*Small Health Plans are defined in the Code of Federal Regulations Title 45, Part 160.103 as health plans with annual receipts of $5 million or less.

General Compliancy to the HIPAA Standards

SpEd Forms Has Always Believed in Keeping Private Information Private
Several sections of the Final Rule of Administrative Simplification concern SpEd Forms. MA Forms is a prime example of software that utilizes all aspects of this Final Rule. While implementing safeguards for Privacy and Security, MA Forms has also taken advantage of the Electronic Health Care Transactions and Code Sets and is ready to accept transfers with the National Provider Identifier. When you type the “s” in https:// while navigating to your SpEd Forms website, the “s” takes you to a secure website. SpEd Forms has already taken the steps needed to keep the information you type into SpEd Forms as secure as possible, and when you click the “Save” button, the data transferred to your SpEd Forms Server uses the highest level of encryption possible in the industry.

How Will These Standards Affect SpEd Forms Users?

SpEd Forms Users must take any necessary precautions on their own computers
Individual school districts may want to review how the privacy and security standards are being implemented on individual workstations and/or what measures are being taken to ensure that privacy and security standards are being met on each personal computer. Example: When MA Billers are saving batch files to a folder on their workstation, make sure this folder is not shared on the network.
Are workstations that are being used to save student data accessible to other teachers, students or even the general public? Is the software on these workstations secured with individual usernames and passwords that have to be typed in every time (not passwords that are conveniently saved)?
Make sure to choose the right medium when transferring private data
Individual school districts may also want to review how the privacy and security standards are being implemented in the way that the data is being transferred. While a particular form may be well suited to follow all HIPAA standards, the way that you send the data may not be. Example: Data sent through email or FTP (File Transfer Protocol) can potentially be seen by others, but secure technologies such as HTTPS, WebDAV, SSL and SFTP (Secure File Transfer Protocol) may fall within HIPAA standards.
SpEd Forms, Inc. PO Box 1, Jasper, MN 56144, Toll Free 1-866-796-1848