The Medical Office HIPAA Procedure (Health Insurance Portability Accountability) describes the background and implications of the HIPAA Act and outlines areas of compliance for a medical office. The medical office should implement and follow the policies and procedures required to become HIPAA compliant.

This statement applies to the requirements outlined by US law and the regulations promulgated by the Department of Health and Human Services (DHHS) regarding security, privacy and confidentiality. These requirements, involve healthcare providers and individual physician offices, and are far-reaching for healthcare transactions and administrative IT systems. All medical offices that maintain or transmit electronic health information, which is considered to be sensitive, must comply by implementing sufficient security procedures to ensure patient confidentiality.

Medical Office HIPAA Responsibilities:

Managers should oversee the implementation of all privacy controls, training, and compliance coordination.

The medical Office Manager should be the HIPAA Coordinator and Privacy Officer responsible for understanding the implications of conforming to HIPAA, ensuring that HIPAA rules are followed, making sure that all office staff are trained on the Medical Office HIPAA Procedure, and that the medical office complies. The HIPAA duties and responsibilities can be assigned to one person in an existing position and do not require any additional staff. The HIPAA Coordinator should have the authority and responsibility to maintain medical records within the guidelines of HIPAA regarding privacy, security, and confidentiality standards.