The Health Insurance Portability and Accountability Act
In 1996, the US Department of Health and Human Services (HHS) implemented the Health Insurance Portability and Accountability Act (HIPAA) to:
- Assure health insurance portability,
- Reduce healthcare fraud and abuse,
- Guarantee security and privacy of health information and
- Enforce standards for health information.
HIPAA required the HHS Secretary to develop regulations protecting the privacy and security of certain health information. To fulfill this requirement, HHS published the Standards for Privacy of Individually Identifiable Health Information and Security Standards for the Protection of Electronic Protected Health Information, commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule.
The Privacy Rule establishes national standards for the protection of certain health information held by such “covered entities” as healthcare clearinghouses, employer-sponsored health plans, health insurers and medical service providers that engage in certain transactions. It also establishes regulations for covered entities’ use and disclosure of Protected Health Information (PHI), which is data regarding health status, provision of healthcare or payment for healthcare information that can be linked to an individual.
The Security Rule establishes national standards for protecting certain health information held or transferred in electronic form. It operationalizes the Privacy Rule’s protections by addressing the technical and non-technical safeguards covered entities must institute to secure individuals’ “electronic protected health information (e-PHI).” The goal is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies that improve the quality and efficiency of patient care.
HIPAA plays an integral part in how Nuance Healthcare designs products, services and procedures.
How Nuance makes a difference
- Designs and develops HIPAA-supportive technologies
- Helps providers meet HIPAA standards
- Protects PHI with a rigorous security and privacy program
- Adheres to clients’ HIPAA-mandated privacy and security standards
- Ensures compliance by Nuance-engaged contractors and consultants
- Invests in security and privacy resources, products and processes
Your compliance is our compliance
As a “business associate” of the entity covered directly by HIPAA, Nuance also is governed by HIPAA regulations. We give our clients specified assurances that we will maintain the confidentiality of the protected information we receive. We use or disclose PHI only as required by law or as permitted or required by the terms of the business associate agreement to which the PHI is subject. The terms of its business associate agreements allow Nuance to use and disclose PHI to provide services contracted by clients, if such uses or disclosures by the client would not violate the HIPAA privacy and security rules.
Keeping our partners compliant
When Nuance works with contractors (providing transcription services) or consultants (providing services on matters that involve the use of PHI), we will ensure these partners comply with the provisions of the business associate agreements we have signed.
Investing in safeguards and security
We work closely with customers to ensure our solutions have appropriate safeguards and security measures. Nuance has invested and will continue to invest in resources, products and processes to protect PHI. Nuance’s security organization includes:
- Chief Security Officer, Stan Black
- Privacy Officer, Leanne Fitzgerald
- Security Governance Committee
Corporate-level commitment to the privacy and security of your PHI
Achieving and maintaining the privacy and security of our customers’ information is a top priority for Nuance. Nuance has set the highest standards for its employees and has dedicated resources to ensure HIPAA compliance and to address customers’ questions and concerns appropriately.