Q. We are a healthcare service provider based in India, and since our clients always have concerns about data security/confidentiality and adherence to standard quality norms, I am keen to know how we can ensure this, so that we gain more confidence from clients for sustainability and a continuous flow of business.
As you are in healthcare services, it is important for you to know the Health Insurance Portability and Accountability Act (HIPAA), which was mandated in 1996 and came into effect in 2003. It is widely acknowledged as the norm for healthcare services, and you need to be well versed in the act and familiar with the other regulatory bodies.
Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic healthcare transactions and national identifiers for providers, health insurance plans, and employers. This act gives the right to privacy to individuals from age 12 through 18, and therefore the provider must have a signed disclosure from the affected individual before giving out any information on healthcare to anyone, including parents.
To start with HIPAA compliance, you need to be familiar with the provisions of HIPAA (http://www.hipaa.com) that specifically deal with confidentiality and data security, since HIPAA compliance is one of the critical issues in outsourcing healthcare-related work to India. In line with the provisions of HIPAA, it is a good idea to formulate your company policy for data security and confidentiality, which should extend not only to employees but also to consultants and freelancers.
Having a clear policy not only gives you clarity on how data security is to be dealt with, but also helps to gain the confidence of existing and potential clients. Formulation of the policy should always be followed by implementation of the physical data security measures, as well as sensitization of the employees to the legal requirements of HIPAA compliance and the consequences of violating the policy provisions. Periodic awareness sessions and guidance on practical implementation of the same are mandatory to ensure that the policy is effective in the everyday working or processes of the company and is not just on paper. Additionally, periodic audits within the company, by an in-house person or with the help of an outside counsel, will be of great use to assess and fix flaws in the process.