HIPAA Security & Privacy FAQs

The Privacy and Security Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) require us to implement specific safeguards to protect the privacy of our members' health information in both printed and electronic formats. The Security Regulation requires health plans (including employer group health plans), healthcare clearinghouses, and healthcare providers to develop specific safeguards to protect electronic health information.

The following information can help you be fully compliant with the Security Regulation.

How can I learn more about HIPAA Security?

Several reputable agencies and organizations have posted helpful information about HIPAA Security on their Web sites:

  • The Centers for Medicare and Medicaid Services (CMS), the enforcement agency for HIPAA Security, has a section devoted to security education materials.
  • The U.S. Government Printing Office Web site has a link to the Federal Register (February 20, 2003) containing the final Security Rule.
  • The Workgroup for Electronic Data Interchange (WEDI) has information and links to other HIPAA resources.

We hope this information will assist you in your efforts to comply with the HIPAA Security Rule. If you would like to discuss how this new law will affect the way you communicate with BCBSRI, please contact your account executive.

How does BCBSRI comply with HIPAA Security?

Blue Cross & Blue Shield of Rhode Island (BCBSRI) ensures that our business practices comply with the security regulations. Some of the activities completed include:

  • Appointment of an information security official and privacy official
  • Routine risk assessments
  • Creating and/or modifying existing security and privacy policies/procedures
  • Entering into business associate contracts with key vendors
  • Executing a security and privacy awareness training program for our workforce

Do I have to comply with the HIPAA Security Rule?

Any covered entity (healthcare provider, healthcare plan and healthcare clearinghouse) that files claims or receives remittance advices electronically must comply with the HIPAA Security Regulation. Please consult your legal counsel to determine your obligations. 

What is the HIPAA Security Regulation?

The HIPAA Security Regulation defines specific standards and controls that must be in place to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is information transmitted over the Internet and/or stored on a computer, CD, disk, magnetic tape, or other related means. This includes ePHI that is created, received, maintained, or transmitted. You can find the final Security Rule in the Federal Register of February 20, 2003.