HIPAA Compliance Report
Introduction
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was established to encourage electronic transmissions of certain transactions and to require certain entities to protect the confidentiality and security of health information. Those entities that are covered by HIPAA and must comply with the regulations are health plans, health care clearinghouses and those health care providers who conduct certain transactions electronically (such as claims submission, eligibility verification, or referrals).
Privacy
Community Health Network Of Connecticut (CHNCT) was in compliance with the Privacy Rule as of April 14, 2003. CHNCT will continue to provide education to staff and review our policies and procedures periodically to meet the changing needs of our organization and regulatory requirements.
Privacy Officer
CHNCT’s Compliance Officer has the responsibilities of the Privacy Officer.
Privacy Policies and Procedures
Many privacy policies and procedures have been developed and provided to CHNCT's workforce. Topics they cover include:
- Privacy and confidentiality safeguards;
- The privacy rights afforded to members and the process to exercise a privacy right;
- Procedures for verifying the identity and legal authority of requestors of health information;
- Using and disclosing health information, including CHNCT’s member authorization process;
- Minimum necessary requirements and procedures;
- Privacy sanctions developed for CHNCT’s workforce.
Business Associate Contracts
CHNCT has developed business associate agreements, which have been executed with all current business associates. All new contracts are reviewed to determine if a business associate agreement is required.
Training
Privacy Training has been delivered to all members of CHNCT’s workforce. This training is provided to new employees during CHNCT's quarterly compliance orientation training sessions.
Notice of Privacy Practices:
As the covered entity for the entire HUSKY A and HUSKY B population (fee-for-service and managed care enrolled), the Connecticut Department of Social Services (DSS) has developed and distributed its Notice to CHNCT’s members in early April.
Transactions and Code Sets
Community Health Network has implemented all standard code sets and accepts only compliant transaction submissions for processing. Transaction submission services include pathways and access via commonly used clearinghouse organizations. Subcontracted service providers (Behavioral Health, Dental Health, Pharmacy and Vision) are compliant and information for each is available directly from each individual entity. In accordance with transaction regulations, after October 16, 2003, CHNCT will no longer accept or process non-HIPAA compliant electronic transactions.
Security
CHNCT has assigned a Security Officer whose responsibilities include oversight of the implementation and enforcement of the Security Regulations. In anticipation of the proposed Security Regulations, and in support of the Privacy Regulations, numerous policies and procedures along with security technologies/processes have already been implemented at CHNCT. With the advent of the finalization of the Security Regulations, CHNCT has begun final rule review and gap analysis. A security project team has been formed to conduct the necessary gap analysis and project planning. This team meets on a regular basis and will include involvement from all departmental areas. CHNCT has already implemented numerous data protection technologies such as secure operating systems, data encryption, e-mail content filtering and more. CHNCT will continue to strive to enhance administrative and physical safeguards along with technical services/mechanisms to keep pace with and exceed regulation expectations.
Home
Quick Links / Find it Fast! 
