Frequently Asked Questions

What is HIPAA?: Although the Internet enables the healthcare industry to lower transaction and operational costs while providing better service to customers, partners, and physicians, it also raises concerns about the privacy of individually identifiable patient information. To address these security concerns, the United States Congress passed HIPAA , Health Insurance Portability & Accountability Act , a set of standards that define minimum requirements for network security. As the privacy regulation deadline nears, healthcare organizations need to deploy a security architecture to meet government regulations and ensure the trust of patients. HIPAA calls for Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.

What is "INDIVIDUALLY IDENTIFIED" information?: Any healthcare information that can be tracked back to an individual such as claims, remittances, claim status inquiries, eligibility, and certification. So, if the organization files a claim electronically or electronically store information, such as above, they must comply with the appropriate HIPAA regulation. HIPAA applies to all communication that is stored or transmitted electronically, or that has been stored or transmitted electronically in the past. Media includes, but is not limited to, computer databases, tapes, disks, telecommunications, FAX, Internet, networks.

Who must comply with the regulations of HIPAA?: Any organization that electronically stores or transmits individually identified healthcare information, all healthcare providers, health plans, payers, clearinghouses, and other entities that process health data must comply with the Security regulation.

What if I don't comply?: Congress prescribed penalties for non-compliance with any provision of the HIPAA mandates. This includes civil fines of up to $100 per occurrence, with a maximum of $25,000 per calendar year for "... all violations of an identical requirement or prohibition...". They are also considering imposing separate fines for each major component of the security requirements that is violated.

What is the security regulation?: The security standard consists of the requirements that a health care entity must address in order to safeguard the integrity, confidentiality, and availability of its electronic data. At a minimum, all organizations that transmit or maintain electronic health information must conduct a risk assessment and develop a security plan to protect this information. They must also document these measures and keep them current.

There are 4 categories of the security standard:

Administrative procedures used to guard data integrity, confidentiality, and availability. These are documented, formal procedures for selecting and executing information security measures. These procedures also address staff responsibilities for protecting data.

Physical safeguards to guard data integrity, confidentiality, and availability. These safeguards protect physical computer systems and related buildings and equipment from fire and other environmental hazards, as well as intrusion. The use of locks, keys, and administrative measures used to control access to computer systems and facilities are also included.

Technical data security services to guard data integrity, confidentiality, and availability. These include the processes used to protect, control, and monitor information access.

Technical security mechanisms. These include processes used to prevent unauthorized access to data transmitted over a communications network.

Is there a deadline?: Compliance date for HIPAA Standards for Privacy & Individually Identifiable Health Information and Security Standards is April 14, 2003.

What can LTek Enterprises do for me?: As a leader in securing networks, Ltek Enterprises offers a complete line of solutions that address HIPAA regulations that enforce Internet and electronically transmitted data security. Ltek can help you achieve HIPAA compliance by conducting a security assessment, recommending and implementing solutions to meet the requirements, and maintaining the standards for your organization.

Remote Access via Virtual Private Network (VPN)

Utilizing secure VPN, doctors, nurses and office managers can access information safely from home or local offices.
Firewall
We will install and configure a firewall to meet your specific needs. A managed firewall combined with VPN client for firewall can extend communication to remote clinics, labs, and other business partners. We offer Anti-Virus protection with our firewalls and we will manage the firewall so you don’t have to worry about updates.

Access Control
Our intranet security solutions protect information from unauthorized access and ensuring patient confidentiality and data integrity. We offer biometrics as an option for trouble free administration.

Ltek Enterprises has a wide range of HIPAA compliant solutions for every network including encryption, biometrics, and firewall management, back-up and recovery, to name a few. And remember, Ltek offers FREE security assessment with no obligation.

Firewall