HIPAA Compliance
Enacted in August 1996, the Health Insurance Portability and Accountability Act (HIPAA) includes a wide array of provisions designed to make health insurance more affordable and accessible. With support from health plans, hospitals and other healthcare businesses, Congress included provisions in HIPAA to require the Department of Health and Human Services (HHS) to adopt national standards for certain electronic healthcare transactions, codes, identifiers and security.

HealthTrio connect, an Internet-based health management system that allows health plans to share information and interact with their providers, members, employers and brokers, wraps a health plan’s existing systems with technology that enables HIPAA compliance for health plans. HealthTrio xpress, a core managed care administrative solution, enables health plans to meet and exceed privacy and confidentiality benchmarks through strict adherence to HIPAA guidelines.

Most HIPAA standards have been finalized and compliance deadlines have been set. While some health plans have gotten off to a fast start in the race to meet these deadlines, others are still scrambling to adapt their technology infrastructure and core business processes to the new rules. Both HealthTrio connect and HealthTrio xpress are flexible systems that can be implemented quickly, making HealthTrio’s solutions the fastest route to HIPAA compliance.

A major hurdle for health plans has been determining the HIPAA readiness of existing systems. At a minimum, these systems must provide the following functionality in order to meet final HIPAA security and privacy standards:

  • Compliant user authentication. HealthTrio’s methods for administering user logins and passwords meet the strict security standards outlined in HIPAA. In both products, users must have a valid username and password to login, must change their passwords periodically and can administer their own login information.

  • Access control for functionality. Once a user has successfully logged in, HealthTrio’s security profiles identify what features and functions each user may access. By assigning each user a profile, HealthTrio ensures that users are restricted to performing only those tasks for which they are authorized.

  • Access control for data. To be HIPAA compliant, health plans must be sure to disclose only the minimum information necessary for a user to carry out his or her duties. This means that an enrollment employee for the health plan does not need to see claims information for a patient. Or that a scheduling clerk in a provider’s office can schedule appointments without seeing patients’ Social Security numbers. In compliance with HIPAA regulations, HealthTrio’s solutions allow delivery or restriction of each discrete data element to users based on necessity.

  • Activity logging. In accordance with HIPAA regulations, HealthTrio’s solutions include extensive audit trail information. For each user, HealthTrio, LLC, catalogs access attempts – successful and failed – and also what action each user has performed, what data they’ve seen and when they viewed or changed data. This information is easily accessible and is stored indefinitely.

  • Standard transactions and code sets. To be compliant with HIPAA, health plans must use standard transactions and code sets such as those outlined in ANSI ASC X12N, Version 4010. HealthTrio’s solutions are currently compliant with these standards and are built to seamlessly adopt new standards, such as ICD-10, once they have been accepted.

HealthTrio, LLC, offers timely solutions for health plans faced with HIPAA compliance challenges. We encourage you to contact us today to learn more about our HIPAA-compliant offerings.



Solutions for Health Plans | HIPAA Compliance | Resource Center | Press Room | About Us | Contact Us | Home

©2003-2007 HealthTrio, LLC, All Rights Reserved.