HBS and its parent company, SXC, has a team dedicated to the analysis and implementation of items mandated by HIPAA Administrative Simplification. This includes the transaction standards, code sets, and the rules concerning privacy and security.
Completed in March 2002, our organization implemented the transaction standards and code sets, which included the following:
Organizational changes and education were completed in March 2003, as our organization developed and implemented training for all employees, that addressed the privacy standards, including minimum necessary and use, and disclosure based on HIPAA policies and procedures. The minimum necessary information was defined on a job-by-job basis and security measures were introduced or enhanced to control access to Protected Health Information (PHI) based on this analysis.
Since 2003, our organization has undertaken a number of initiatives over the years to ensure that its software and services comply with the security provisions of the HIPAA legislation that took effect in 2005. Again, education has been in the forefront as we have worked to ensure that all of our staff are continually trained and mindful of these requirements in their responsibilities. Additionally, we have undertaken efforts in four other major areas over this time period, including: administration; physical safeguards; technical security services, and network security.