HIPAA COMPLIANCE     DISCLAIMER Overview of HIPAA HIPAA Terms Privacy Standards US HHS Privacy Brief Security Standards Security Guide for IT Requirements for Data Does it Affect Me? HIPAA Non-Compliance Filing HIPAA Complaint BioCert® for HIPAA HHS & CMS Guides

US Biometrics and Privacy Laws & Ordinances - HIPAA Compliance

What is HIPAA?

HIPAA is known as the Health Insurance Portability and Accountability Act which was enacted into law in in 1996.  HIPAA is composed of two parts or "Titles":

Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs.

Title II of HIPAA, the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.

How Does Biometrics Fit into HIPAA Compliance?

Biometric verification of identity is a component part of the Technical Security Services to Guard Data Integrity, Confidentiality, and Availability and is one of the required and most easily implemented Unique User Identification methods (including Secure Password, Biometric, PIN, Token and Telephone Call Back)

Each organization would be required to implement entity authentication, which is the corroboration that an entity is who it claims to be. Authentication (Verification) would be important to prevent the improper identification of an entity who is accessing secure data. The following implementation features would be used:

• Automatic log off.
• Unique user identification. (VERIFICATION = Multi-Factor Authentication of Identity)

In addition, at least one of the following implementation features would be used:

• A biometric identification system.
• A password system.
• A personal identification number (PIN).  (Weak Authentication)
• Telephone callback. (Staffing and maintenance verification)
• A token system which uses a physical device for user identification. (Smart Card, PKI, or other Certificate)

What Solutions Does Biometrics Direct Offer for HIPAA Compliance Enablement?

Resources to help comply with the regulatory requirements of the
Health Insurance Portability and Accountability Act (HIPAA) of 1996.

As healthcare facilities, providers, insurers and business partners endeavor to deal with HIPAA statutory requirements, many organizations are realizing that their current policies and equipment are ill-equipped to deal with the depth and breadth of issues this sweeping legislation mandates.

Organizations looking to provide the most secure, uniquely identifiable end-user authentication while providing the best in patient and staff experience are looking to Biometrics for the solution.

Biometrics is the process of taking uniquely identifiable data and using this data to authenticate end user access to facilities and data. Unlike other methods of authentication, Biometrics are nearly impossible to falsify.

Of all current biometric technologies, fingerprint data is the easiest and least invasive method of authentication.  

Fingerprint identification has been used since the 1800’s for reliable verification of an individuals identity. Current technology takes a picture of the fingerprint characteristics and converts the image into “minutia” or data. This data is then compared against a known sample and is then either authenticated or rejected. The actual “fingerprint” is not stored, only the electronic interpretation of the data.

We offer both of these solutions that integrate seamlessly into a single LOGON/SSO package compatible with most all of your existing applications including Meditech, Siemens and other medical software that will secure your network for $300-350 per user including software and hardware depending upon options and accessories.

This level of pricing and security will give you 12-24 month ROI on your new biometric network security based upon established industry figures:

The typical user spends as much as 44 hours per year performing multiple login tasks to access 4 applications - A 1996 study by the Network Applications Consortium

Most users can’t remember more than 3 passwords, yet are expected to remember 6 or more - Hurwitz Group, 2000

More than 30% of help desk costs are password related - Giga, Renee Woo, March 2001

Password management costs between $200 and $300 per user each year – IDC

Our Mission is to provide innovative Biometric solutions for Healthcare, Federal and Corporate customers.

Working with the industry leaders in Biometric products and software, Biometrics Direct's BioCert and partner solutions can either be used for either a stand alone or fully networked application.

HIPAA Links on the Web

HIPAA Information For Consumers

• Fact Sheet: Privacy and Your Health Information | [En Español]
• Fact Sheet: Your Health Information Privacy Rights | [En Español]
• Fact Sheet: Protecting the Privacy of Patients' Health Information
• How to File a Health Information Privacy Complaint | [En Español]

General HIPAA Privacy Rule Background Information

• What is the Privacy Rule and why has HHS issued regulations? [PDF - 45KB]
• Privacy Rule Summary [PDF - 372KB] [RTF - 738KB]

HIPAA Regulations & Standards

• The Privacy Rule
• HIPAA Statute
• The Security Rule
• Transactions and Code Set Standards
• Identifier Standards

Other Medical Links on the Web

JCAHO - Joint Commission on Accreditation of Healthcare Organizations

The Joint Commission evaluates and accredits nearly 18,000 health care organizations and programs in the United States. An independent, not-for-profit organization, JCAHO is the nation's predominant standards-setting and accrediting body in health care. Since 1951, JCAHO has developed state-of-the-art, professionally based standards and evaluated the compliance of health care organizations against these benchmarks.

JCAHO's evaluation and accreditation services are provided for the following types of organizations:

• General, psychiatric, children's and rehabilitation hospitals.
• Health care networks, including Health Maintenance Organizations (HMOs), Integrated Delivery Networks (IDNs), Preferred Provider Organizations (PPOs), and managed behavioral health care organizations.
• Home care organizations, including those that provide home health services, personal care and support services, home infusion and other pharmacy services, durable medical equipment services and hospice services.
• Nursing homes and other long term care facilities, including sub-acute care programs, dementia programs and long term care pharmacies.
• Assisted living facilities that provide or coordinate personal services, 24-hour supervision and assistance (scheduled and unscheduled), activities and health-related services.
• Behavioral health care organizations, including those that provide mental health and addiction services, and services to persons with developmental disabilities of various ages, in various organized service settings.
• Ambulatory care providers, including outpatient surgery facilities, rehabilitation centers, infusion centers, group practices and others.
• Clinical laboratories.

JCAHO accreditation is recognized nationwide as a symbol of quality that reflects an organization's commitment to meeting certain performance standards. To earn and maintain accreditation, an organization must undergo an on-site survey by a JCAHO survey team at least every three years. Laboratories must be surveyed every two years.