HIPAA Statement

By enacting the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Congress mandated the creation of standards for the privacy and security of individually identifiable health information. GroupOne Health Source is committed to complying with these national standards to protect individuals' medical records and other personal health information. As a result of GroupOne's commitment, significant staff and financial resources have been dedicated to researching and thoroughly understanding the HIPAA regulations. Since some regulations are not yet finalized, GroupOne continues to update its processes to promptly meet government requirements. GroupOne remains dedicated to achieving full HIPAA compliance.

1. Transactions and Code Sets Requirement: The Transactions and Code Sets Requirement was first on the priority list. The final compliance date was October 16, 2003. The following procedures were performed.
   1. Assessing internal management information systems to meet Transaction Standards & Code Set requirements:
      1. Engaged in close communication with software partner
      2. Completed operational assessment phase
      3. Completed the software development and installation phase
      4. Testing begun on April 14, 2003
      5. Testing completed by October 16, 2003

      

2. Privacy: Privacy was the next concern, with a compliance date of April 14, 2003. Initial and ongoing training workshops were implemented within the organization. Compliance with the Privacy sections, Risk Assessments, Protected Health Information (PHI) Data Flow Maps, and Gap Analyses has been achieved. In addition, HIPAA Policies and Procedures were developed and implemented. The following activities were completed with some continuing on an ongoing basis:
   1. Conducted Overview HIPAA Training
   2. Implemented HIPAA Training Workshops
   3. Performed Risk Assessments
   4. Mapped the flow of PHI
   5. Created HIPAA Policies
   6. Documented HIPAA Procedures to meet requirements
   7. Reviewed Business Associate Contracts and provisions
3. Security:The final Security rule adopts standards for the security of electronic PHI to be implemented by covered entities. Under the Administrative Safeguards, a covered entity must implement policies and procedures to prevent, detect, contain, and correct security violations. The compliance date was April 21, 2005, with the exception of small health plans that had until April 21, 2006. GroupOne has complied with the Security Regulations by performing the following:
   1. Modified facilities to meet Physical Workstation Security Requirements (i.e. office dividers around desks containing PHI)
   2. Assessed internal network security and other technical requirements
4. Unique Health Identifiers: UHIs are a necessary element to the national standardization of healthcare transaction automation. Under the HIPAA provision are identifiers for employers, providers, health plans, and individuals. Of these, the employer and provider have been finalized, and dealt with internally. The health plan, and individual, along with electronic signature regulations are not finalized at this time however, we continue to monitor the progress toward this end. After spending hundreds of hours studying and researching HIPAA, GroupOne HealthSource’s HIPAA Team has developed a robust set of tools and services that enable firm to help covered entities better understand and attain their HIPAA compliance goals.