
HIPAA / HITECH Act

Health Insurance Portability and Accountability Act (HIPAA) regulations are divided into four Standards or Rules: (1) Privacy, (2) Security, (3) Identifiers, and (4) Transactions and Code Sets (TCS).

HIPAA's Privacy Rule requires that individuals' health information be properly protected by covered entities. Among other requirements, the Privacy Rule prohibits entities from transmitting protected health information (PHI) over open networks, or downloading it to public or remote computers, without encryption (this would include printing as well).

The Security Rule requires covered entities to put in place detailed administrative, physical and technical safeguards to protect PHI. To do this, covered entities are required to implement access controls, encrypt data, and set up backup and audit controls for electronic PHI in a manner commensurate with the associated risk.

Identifiers are HIPAA standards that will create a uniform and centralized way to designate an employer, provider, health plan or patient in electronic transactions.

The TCS Rule encompasses the following standard electronic transaction formats for all covered entities -- preponderantly derived from the ANSI X12N standards:

  • Health Care Claims or equivalent encounter information (X12N 837);
  • Eligibility for a Health Plan (X12N 270/271);
  • Referral Certification and Authorization (X12N 278 or NCPDP for retail pharmacy);
  • Health Care Claim Status (X12N 276/277);
  • Enrollment and Disenrollment in a Health Plan (X12N 834);
  • Health Care Payment and Remittance Advice (X12N 835);
  • Health Plan Premium Payments (X12N 820); and
  • Coordination of Benefits (X12N 837 or NCPDP for retail pharmacy).

The HITECH Act extends the HIPAA rules to include Business Associates (such as service providers to the healthcare industry) and promotes various other aspects of HIPAA compliance and information technology standardization. Compliance with HIPAA standards is mandatory.

CounterStrike provides HIPAA assessment, consulting, remediation, and sustainable compliance services, and specializes in helping service providers target the healthcare industry and utilize HIPAA as a tool for expanding their client base.

HIPAA compliance procedures are highly dependent on an organization's risk profile and strategy. Although commonly touted by unaccredited organizations, no official certification process currently exists for HIPAA. For more information please contact us to speak with an experienced professional.



Contact Us: Telephone 307-432-1092  |  E-mail: help@counterstrike.com
Copyright © 1999-, CounterStrike. All rights reserved.