HIPAA:
  • About HIPAA

    The U.S. Health Insurance Portability and Accountability Act (HIPAA) of 1996 provides a set of instructions and guidelines for the encoding, privacy, security, integrity and availability of patient health data. HIPAA provides guidance in the selection and implementation of software packages for tracking client data. The HIPAA security standard is divided into the following categories:


    • Administrative Procedures
    • Physical Safeguards
    • Technical Data Security Services
    • Technical Security Mechanisms


  • Need for HIPAA

    HIPAA is intended to standardize the secure transmission of billing information. If a system handles billing as well as client tracking, you should ensure that your system supports these HIPAA standards. Automation, secure transactions, and privacy are expected to result in administrative efficiency.


    E-billing is slowly addressing security issues on their internal network. Hackers were able to hijack the company's Web sites by stealing the user name and password needed to make account changes at the Web site of Network Solutions.


    HIPAA applies to any organization that transmits any electronic billing information such as invoices, or information needed to look up insurance information to any health insurance company, including Medicare or Medicaid. This means that HIPAA typically regulates organizations providing counseling, therapy or other services that need to bill insurance companies.


    If you conduct any billing-related electronic communications with insurance companies, then all your data, processes, and systems throughout the organization are subject to the HIPAA guidelines, even if you bill only for one program or a few.


  • How does HIPAA reduce risk?

    The 2009 American Recovery and Reinvestment Act (ARRA) includes a section called the Health Information Technology for Economic and Clinical Health (HITECH) Act. The HITECH Act adopts "electronic health records" (EHRs) to improve efficiency and lower healthcare costs. Due to the increase in privacy and security risks, the HITECH Act introduced new security and privacy related requirements for business associates under HIPAA.


    The fines for non-compliance with the HIPAA privacy rule have increased significantly with the introduction of the HITECH Act. An organization can now be fined up to $1,500,000 per calendar year for each violation.


  • IT & HIPAA

    Security standards apply to the protection of electronically stored or transmitted information from corruption by viruses, theft by hackers, or the sending of PHI over unsecured channels. The security standards are not intended to address how paper information is stored. They mandate safeguards for physical storage maintenance, protection, and access to individual health information.


    Access to equipment containing useful information should be carefully controlled and monitored. Permission to access hardware and software must be limited to authorized individuals. Access controls must consist of security plans, maintenance records, and visitor sign-in and escorts. Workstations should be removed from high-traffic areas, and monitor screens should not be in direct view of the public. If the covered entities utilize contractors or agents, they too must be fully trained on their physical access responsibilities. Automated security updates are another feature that could be used to help limit the scope of security threats.


  • To follow the HIPAA standard, IT has to do the following:

    Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.


    Implement hardware, software, and procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.


    Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.


    Implement procedures to verify that a person or entity seeking access to electronic protected health information is the authorised one.


  • How do we meet HIPAA compliance requirements?

    Audit Control

    * Our Active Directory Solutions can manage and help organizations to gather information for regulatory audits. Administrative efficiency and quality can also be maintained. More than 150 out-of-the-box reports can be generated, which in turn makes the audit more effective.


    * Bulk Management: JiJi AD Manager helps to save administrators' time by making the AD management process simple.

    Access control

    * Security Reports: A user access report across the entire network can be obtained. This is met by generating Security Reports.


    * Invalid Logon Attempts: The Recently Bad Logged on Users Report is used to find illegal logon attempts. This report generates the list of all users who tried to log on with a bad password. Thus integrity and entity authentication can be achieved.


    * Account Lockout: Use the Account Lockout Policy Report to view details of accounts that are locked out whenever invalid credentials are provided to access them.


    * Inactive Users or Computers: Inactive Users or Computers reports are obtained based on the last logon time to avoid illegal access.


    Privacy and security

    * Password Expiration Auditing: To ensure privacy and security, automatic checking of AD and reporting of password and account expiry status messages is necessary. Such auditing can be done using the JiJi Password and Account Expiration Notification Tool.


    * Secure password: Users have to reset their own passwords to avoid password attacks. Strong and secure passwords are achieved through JiJi Self Service Password Reset. Using Password Policy Reports, details of the Default Domain Policy and Fine Grained Password Policies in Active Directory can be obtained.


    * Cleanup directory: JiJi Active Directory Cleaner cleans up unwanted users to maintain security.