At ABS our Next Generation Software is completely HIPAA Compliant
One of the best reasons to choose American Business Systems is the fact that our system is completely HIPAA compliant. In addition, because no patient data needs to be stored on your local computer, all the burdens of following the strict standards set forth by HIPAA are completely eliminated. With our system, all you have to worry about is serving your clients.
You can learn more about HIPAA at HIPAAdvisory.com or read our quick summary below.
What is HIPAA?
"HIPAA" is an acronym for the Health Insurance Portability & Accountability Act of 1996 (August 21), Public Law 104-191, which amended the Internal Revenue Service Code of 1986. Also known as the Kennedy-Kassebaum Act, the Act includes a section, Title II, entitled Administrative Simplification, requiring:
- Improved efficiency in healthcare delivery by standardizing electronic data interchange.
- Protection of confidentiality and security of health data through setting and enforcing standards.
More specifically, HIPAA called upon the Department of Health and Human Services (HHS) to publish new rules that will ensure:
- Standardization of electronic patient health, administrative and financial data
- Unique health identifiers for individuals, employers, health plans and health care providers
- Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.
Who is affected?
Virtually all healthcare organizations – including all healthcare providers, health plans, public health authorities, healthcare clearinghouses, self-insured employers, and medical billers – as well as life insurers, information systems vendors, various service organizations, and universities.
Are there penalties?
HIPAA calls for severe civil and criminal penalties for non-compliance, including:
- Fines up to $25K for multiple violations of the same standard in a calendar year
- Fines up to $250K and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information
The ABS HIPAA Compliance Statement
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlined changes in the provision of healthcare and the management of paper and electronic records. Such changes focused primarily on defining standards in a) medical information transport, b) medical transaction set formats for transmitting or handling electronic claims, remittance, and eligibility information, and c) overall protection and confidentiality of patient-identifiable information.
American Business Systems, LLC and its technology partners (“ABS”) intend to be fully compliant with each of HIPAA's requirements since efficiencies will be realized from the widespread adoption of such standardized electronic interfaces.
Here is a breakdown of the current HIPAA requirements and ABS’s actions to accommodate each one:
A) In line with HIPAA's first goal to promote industry-wide use of electronic transactions and transmission of information, the Act provides a strong disincentive to those using paper claims management. After October 16, 2003, covered entities, including health plans, clearinghouses, and any providers who submit information electronically, will be prohibited from submitting paper claims to Medicare. Instead, submission of electronic, HIPAA-compliant, Medicare claims will be a precondition to payment. HIPAA will also require that such electronic transmission be secure.
To this end, ABS, through its online practice management system, attempts to send all submitted claims electronically. Paper claims are only sent (through its clearinghouse partners) to payors that currently do not accept electronic submission. Over 85% of all claims that go through the ABS practice management system are submitted to the payors electronically. We have also partnered with Verisign, the leading provider of digital trust services in electronic commerce and communications. Verisign is powered by a global infrastructure that manages more than seven billion communications and transactions a day. With Verisign, our trusted transactions over the Internet are secured by Secure HTTP (HTTPS) using 128-bit encryption, the highest level of encryption, from the browser to the database and back.
B) We have also taken significant measures to ensure that our transaction set formats, a second major HIPAA regulation, will be compliant as well. To this end, we have secured the services of two of the health care industry's largest clearinghouses, WebMD Emdeon and McKesson HBOC. These clearinghouses will be ensuring that the claims data they receive are transmitted to the payors in the specific 837 ANSI data formats required by HIPAA. In the face of state and federal medical data compliance regulations, our clearinghouses are naturally very committed to HIPAA as well. You can read about our clearinghouses' plans for HIPAA below:
http://www.mckesson.com
http://www.webmd.com
Go to Search: HIPAA to see HIPAA Compliancy statements.
C) Finally, in addition to proper information transmission and data formatting, HIPAA also enforces the overall protection and confidentiality of patient information. Security is crucial for practitioners, and patients want to know that their medical data will stay private.
ABS understands these concerns and uses the latest Web technologies to ensure security. First, to access information, users must supply a username and password when logging into the ABS System website. The username and password are encrypted and sent to our databases for verification. Upon authentication, a secure session is started using Secure HTTP (HTTPS). If a session times out (perhaps due to interruptions at the office), the password must be supplied again to continue working. This ensures that only authorized personnel who know the password can access data via the website. Our firewall architecture prevents unauthorized access to the network and back-end databases. Our data is located in a secure facility with multiple security systems that summon police immediately if compromised, and all employees must sign a nondisclosure agreement upon the start of their employment.

