Tenethealth.com
HomeContact Us
Tenet HealthcarePassion, Commitment, Leadership, and Excellence in Health Care
Our CompanyOur HospitalsOur AdvantagesInvestor CenterPress CenterCareer CenterFor PhysiciansTenet Foundation


Tenet’s HIPAA Implementation

Return to Previous

HIPAA mandates the adoption of standards for the exchange of electronic health information in an effort to encourage overall administrative simplification and enhance the effectiveness and efficiency of the health care industry. Ensuring privacy and security of patient information is one of the key “accounting” factors driving the legislation. The other major factor, "portability", refers to Congress' intention to ensure that individuals may take their medical and insurance records with them when they change employers.

TRANSACTIONS AND CODE SETS
In August 2000, HHS issued final regulations establishing electronic data transmission standards that health care providers must use when submitting or receiving certain health care data electronically. All affected entities, including Tenet, were required to comply with these regulations by October 16, 2002.

On December 27, 2001, President Bush signed into law H.R. 3323, the Administrative Simplification Compliance Act (now known as Public Law 107-105). The Act requires that, by October 16, 2002, hospitals and other covered entities must either:

  • Be in compliance with the electronic transactions and code set standards under the Health Insurance Portability and Accountability Act (HIPAA), or
  • Submit a summary plan to the Secretary of Health and Human Services (HHS) describing how the entity will come into full compliance with the standards by October 16, 2003.

Tenet continues to work toward compliance with the electronic transactions and code set standards.  The Company submitted a summary Compliance Plan to the Secretary of Health and Human Services on October 8 and 9, 2002.

Testing of the transaction and code set standards is required to begin by April 16, 2003.  Tenet has started testing and will be in compliance with the standards by October 16, 2003.

PRIVACY
In December 2000, HHS issued final regulations concerning the privacy of health care information. These regulations control the use and disclosure of protected health information, whether communicated electronically, on paper or verbally. All affected entities, including Tenet, are required to comply with these regulations by April 2003. The regulations also provide patients with significant new rights related to understanding and controlling how their health information is used or disclosed.

The Office for Civil Rights, Department of Health and Human Services (“HHS”) published proposed changes to the privacy regulations in the Federal Register on March 27, 2002. Tenet provided comments to the Federation of American Hospitals (FAH) and FAH delivered a response to the proposed rule changes to HHS on April 26, 2002.  It is anticipated that HHS will submit final revisions for the privacy regulations to Congress by August 14, 2002 and the rules will be published in October.  Changes to the rules will not affect the April 2003 compliance deadline.

To meet the April 2003 deadline set for privacy compliance, Tenet:

  • Has developed standard Privacy Policies and Procedures.
  • Has developed Privacy Policies and Procedures training.
  • Is identifying business associates and is working on obtaining signed business associate agreements.
  • Is performing audits to identify privacy vulnerabilities.
  • Has implemented incident reporting and handling procedures.

SECURITY
Proposed security standards were published August 1998.  Final rules were published February 20, 2003.   The Security regulations require health care providers to implement organizational and technical practices to protect the security of such information.  Compliance with the Security regulations is due two years and two months after the February 20, 2003 publication date.

Due to the intertwining of privacy and security, Tenet has moved forward with its efforts to comply with the security regulations, by:

  • Developing and distributing standard Information Security Policies and Procedures.
  • Developing and distributing Information Security Policies and Procedures training.
  • Performing audits to identify information security vulnerabilities.
  • Implementing incident reporting and handling procedures.

Tenet has established a plan and engaged the resources necessary to comply with HIPAA. At this time, the Company anticipates that it will be able to fully comply with those HIPAA regulations that have been issued.

Any questions regarding Tenet’s HIPAA compliance project should be directed to:

Connie Emery
Privacy/Security Officer
Tenet HealthSystem
1-877-893-8363, ext 6709
PrivacySecurityOffice@tenethealth.com
 
Site Map  |  Terms & Conditions of Use  |  PRIVACY Pledge  |  Accessibility  |  Feedback