Pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), on December 28, 2000, the Secretary of HHS issued final regulations that promulgated federal standards with respect to the use and disclosure of Protected Health Information by a health plan, healthcare provider or healthcare data clearinghouse. Pursuant to recent expansions of HIPAA by the Health Information Technology for Economic and Clinical Health Act (HITECH), the Secretary of HHS issued regulations expanding our obligations regarding breach notification.
These regulations establish a framework for implementation that impacts the privacy and security of Protected Health Information by all health providers and their Business Associates, including CareEvolve. These regulations change how CareEvolve handles electronic transactions and code sets, national identifiers, and notification to patients whose unsecured PHI has been breached.
CareEvolve and its parent company, BioReference Laboratories, have formed a HIPAA Oversight Committee, appointed a HIPAA Compliance Officer, established a HIPAA Project Office, and developed a HIPAA Project Plan as a framework for our HIPAA activities. As mandated in the Privacy Rule, a Privacy/Security Officer has been appointed. Procedures have also been implemented to satisfy the breach notification provisions of HITECH.
As our HIPAA compliance activities advance, our focus remains on our responsibilities to the patients, doctors and health care organizations we serve to ensure we meet the HIPAA standards.