What is HIPAA?
HIPAA is the Health Insurance Portability and
Accountability Act, which was enacted into law in 1996.
HIPAA is composed of two parts or "Titles":
Title I of HIPAA protects health insurance
coverage for workers and their families when they change or
lose their jobs.
Title II of HIPAA, the Administrative
Simplification (AS) provisions, requires the establishment
of national standards for electronic health care
transactions and national identifiers for providers, health
insurance plans, and employers.
How Does Biometrics Fit into HIPAA Compliance?
Biometric verification of identity is a component part of
Technical Security Services to Guard Data Integrity,
Confidentiality, and Availability and is one of the
required and most easily implemented Unique User
Identification methods (including Secure Password,
Biometric, PIN, Token and Telephone Call Back).
Each organization would be required to implement entity
authentication, which is the corroboration that an entity is
who it claims to be. Authentication (Verification)
would be important to prevent the improper identification of
an entity who is accessing secure data. The following
implementation features would be used:
In addition, at least one of the following implementation
features would be used:
- Biometric identification system.
- A personal identification number (PIN). (Weak
- Telephone callback. (Staffing and maintenance
- A token system which uses a physical device for user
identification. (Smart Card, PKI, or other Certificate)
What Solutions Does Biometrics Direct Offer for HIPAA
Resources to help comply with
the regulatory requirements of the
Health Insurance Portability and Accountability Act
(HIPAA) of 1996.
As healthcare facilities, providers, insurers and
business partners endeavor to deal with HIPAA statutory
requirements, many organizations are realizing that their
current policies and equipment are ill-equipped to deal with
the depth and breadth of issues this sweeping legislation
Organizations looking to provide the most secure, uniquely
identifiable end-user authentication while providing the
best in patient and staff experience are looking to
Biometrics for the solution.
Biometrics is the process of taking uniquely identifiable
data and using this data to authenticate end user access to
facilities and data. Unlike other methods of authentication,
Biometrics are nearly impossible to falsify.
Of all current biometric technologies, fingerprint data is
the easiest and least invasive method of authentication.
Fingerprint identification has been used since the 1800s
for reliable verification of an individual's identity.
Current technology takes a picture of the fingerprint
characteristics and converts the image into “minutia” or
data. This data is then compared against a known sample and
is then either authenticated or rejected. The actual
“fingerprint” is not stored, only the electronic
interpretation of the data.
offer both of these solutions that integrate seamlessly into
single LOGON/SSO package
compatible with almost all of your existing
applications including Meditech, Siemens and other medical
software that will secure your network for $300-350 per user
including software and hardware depending upon options and
This level of pricing and security will give you a 12-24
month ROI on your new
biometric network security based upon established industry
- The typical user spends as much as 44 hours per year
performing multiple login tasks to access 4 applications -
A 1996 study by the Network Applications Consortium
- Most users can’t remember more than 3 passwords, yet are
expected to remember 6 or more - Hurwitz Group, 2000
- More than 30% of help desk costs are password related -
Giga, Renee Woo,
- Password management costs between $200 and $300 per user
each year –
Our mission is to provide innovative Biometric solutions
for Healthcare, Federal and Corporate customers.
Working with the industry leaders in Biometric products and
software, Biometrics Direct's BioCert and partner solutions can
be used for either a stand-alone or fully networked
Other Medical Links on the Web
JCAHO - Joint Commission on
Accreditation of Healthcare Organizations
The Joint Commission evaluates and accredits nearly
18,000 health care organizations and programs in the
United States. An independent, not-for-profit
organization, JCAHO is the nation's predominant
standards-setting and accrediting body in health care.
Since 1951, JCAHO has developed state-of-the-art,
professionally based standards and evaluated the
compliance of health care organizations against these
JCAHO's evaluation and accreditation services are
provided for the following types of organizations:
- General, psychiatric, children's and
- Health care networks, including Health
Maintenance Organizations (HMOs), Integrated
Delivery Networks (IDNs), Preferred Provider
Organizations (PPOs), and managed behavioral health
- Home care organizations, including those that
provide home health services, personal care and
support services, home infusion and other pharmacy
services, durable medical equipment services and
- Nursing homes and other long term care
facilities, including sub-acute care programs,
dementia programs and long term care pharmacies.
- Assisted living facilities that provide or
coordinate personal services, 24-hour supervision
and assistance (scheduled and unscheduled),
activities and health-related services.
- Behavioral health care organizations, including
those that provide mental health and addiction
services, and services to persons with developmental
disabilities of various ages, in various organized
- Ambulatory care providers, including outpatient
surgery facilities, rehabilitation centers, infusion
centers, group practices and others.
- Clinical laboratories.
JCAHO accreditation is recognized nationwide as a
symbol of quality that reflects an organization's
commitment to meeting certain performance standards. To
earn and maintain accreditation, an organization must
undergo an on-site survey by a JCAHO survey team at
least every three years. Laboratories must be surveyed
every two years.