« Return to News Archives

URAC Accreditation Streamlines HIPAA Compliance and Mitigates Risk

Friday, February 5th, 2010

Health care is the bold new frontier for information technology. Regulators, providers, and insurance companies all seem ready to embrace electronic health records (EHRs) as a way to share personal health information among multiple organizations including doctors’ offices, hospitals, pharmacies, outpatient services, and managed care organizations. However, there are big risks to information technology companies who take on health care projects without ensuring they are in compliance with state and federal regulations around patient privacy and information security.

Both state and federal regulators have tightened regulatory action around the Health Insurance Portability and Accountability Act (HIPAA).  New federal mandates could lead to fines of up to $1.5 million for violations. In addition, the Health Information Technology for Economic and Clinical Health (HITECH) Act passed as part of the American Recovery and Reinvestment Act (ARRA) authorized state attorneys general to enforce HIPAA violations, and the first civil lawsuit by a state attorney general has been filed.

Even with the increased regulatory pressure, many health care organizations, including health care providers, insurance companies, and clearing houses, don’t seem to be prepared.  Also, the majority of organizations who provide services to the health care organizations and have access to patient information now qualify as business associates, as a result of HITECH, and appear unaware of their obligations.  According to a national survey conducted by HIMSS Analytics, 87 percent of health providers were aware of the need to meet new HIPAA security requirements, but just one-third of their business associates were aware.  Due to HITECH, these business associates, which can include information technology providers, have significantly more liability than ever before.

Certainly no organization deliberately breaches patient privacy.  However, as HIPAA enforcements become more stringent, organizations need to be aware of the standards and modifications, not only to avoid monetary fines, but also to avoid exposure to litigation and damage to their reputations, as well as, relationships with individual health care providers, provider networks, and consumers.

The good news is that there is help. Independent third-party HIPAA accreditation, such as the comprehensive HIPAA Privacy and HIPAA Security programs offered by URAC, help health care organizations, including health care providers, health care clearing houses, health plans, and their business associates, navigate the complexities of the HIPAA regulations. Unlike specific information technology certifications such as SAS and ISO, URAC HIPAA accreditation is focused specifically on personal health information standards.

URAC’s HIPAA accreditation programs help organizations meet quality standards that align with the stringent HIPAA requirements and help simplify the compliance process. The accreditation standards are updated regularly to reflect changes in state and federal regulations, such as the ARRA guidelines.

Some of the benefits health care organizations see with URAC HIPAA accreditation include the following:

  • Increased trust with purchasers and consumers.
  • Continuous assessment to ensure that data security controls and policies are working.
  • Evidence of control over information assets for auditors.
  • Creation of a baseline measurement with which to develop an information data privacy and/or security compliance program.
  • Hands-on evaluation of entire compliance program including detailed instructions on how to remediate any issue.
  • Tangible savings to the organization’s bottom line.
  • Mitigation of litigation risks.
  • Security for vital information.
  • Reinforcement of the organization’s commitment to required compliance. 

Presently, several organizations have earned, or are in process to achieve, URAC HIPAA accreditation. To learn how your organization can benefit, visit booth #7567 during the annual HIMSS conference, or visit the URAC website at www.urac.org. 


For 25 years, URAC has been the independent leader in promoting health care quality through accreditation, education, and measurement. URAC offers a wide range of quality benchmarking programs that reflect the latest changes in health care and provide a symbol of excellence for organizations to showcase their validated commitment to quality and accountability. URAC’s evidence-based measures and standards are developed through inclusive engagement with a broad range of stakeholders committed to improving the quality of health care.

For more information about URAC, contact us.

Interested in accreditation?
Contact businessdevelopment@urac.org

Code of Conduct | Privacy Policy | Terms of Use

Social Media TextFollow us on FacebookFollow us on TwitterFollow us on Linked In