Privacy and Compliance

Privacy and Security of Protected Health Information (PHI)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) included requirements that Congress and the Department of Health and Human Services (HHS) develop new health data security and individual health information privacy standards. The Privacy Rules developed by HHS became final in April 2001 with an effective date of April 14, 2003 (April 14, 2004 for small health plans). The Security Rules developed by HHS were issued in February, 2003 and most covered entities were given until April 20, 2005 to comply (April 20, 2006 for small health plans). Recently, included as part of the federal stimulus bill known as the American Recovery and Reinvestment Act of 2009 (“ARRA”) is Title XIII, the “Health Information Technology for Economic and Clinical Health Act” or the “HITECH Act.” The HITECH Act contains a sweeping expansion of the HIPAA Privacy and Security Rules. The HITECH Act affects business associates entities that use or have access to PHI when providing services on behalf of health plans, health care providers, and health care clearinghouses, defined as “covered entities” under HIPAA.

The HITECH Act makes business associates subject to many of the same obligations as covered entities under the Privacy and Security Rules. Business associates that have not been subject to HIPAA before must become familiar with the new changes to HIPAA contained in the HITECH Act or risk becoming inadvertently non-compliant and subject to stiff penalties. The compliance deadline for the new HIPAA requirements is February 17, 2010 (one year following ARRA’s enactment into law). A-Life is committed to complying with the Privacy and Security Rules that previously were only the concern of covered entities but now also apply to business associates. As part of this effort, A-Life has reviewed and amended its existing policies and procedures, created privacy and security officer positions, trained staff members regarding the new changes, evaluated IT systems and encryption capabilities and hired qualified legal counsel experienced with HIPAA and the HITECH Act.

In addition, A-Life is committed to complying with the applicable requirements of the Red Flag Rules issued pursuant to the Fair and Accurate Credit Transaction Act of 2003 (Red Flag Rules), and has undertaken measures to identify, detect and prevent "red flags" in its business activities that could lead to identity theft.

A-Life Medical is committed to compliance in all aspects of its business, and to that end we work diligently to prepare for all applicable requirements of HIPAA, the HITECH Act and the Red Flag Rules. Today, we are proud to say that we have met or exceeded all requirements of our business, and we will continue to meet the needs of our customers and business partners to ensure our mutual success.

Compliance

Compliance is about preventing errors, negligence, fraud and abuse; it is also about continuing quality improvement and dedication to excellence. Today, compliance in healthcare focuses on coding, billing, cost reports, business relationships and government regulations. A compliance program is quality assurance, quality control and quality improvement processes, combined with one's risk management program. The primary objective is to prevent, detect and cure errors and inappropriate behavior such as waste, fraud and abuse.
A-Life Medical's Compliance Program includes:

To discuss our Privacy and Compliance program and policies please use the Contact Us link to reach us.