Design Distributors is now HIPAA Compliant

Many of our customers have had questions about what this means to them. Here is some basic information that might help you get a better understanding of what HIPAA is – and how it affects your direct mail.

The Basics: HIPAA stands for the Health Insurance Portability and Accountability Act. Title 1 of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title 2 of HIPAA requires national standards for electronic health care transactions and includes the HIPAA Privacy Rule which went into effect in 2003. The Privacy Rule regulates the use and disclosure of Protected Health Information (PHI). PHI is any information held by a “covered entity” which concerns health status, provision of health care, or payment for health care that can be linked to an individual. A covered entity includes medical service providers, health insurers, employer health plans, and healthcare clearinghouses.

Requirements for Marketing: A healthcare provider can use a PHI-derived mailing list to send communications about its products or services. This means a health care provider CAN use its patient list to announce a new piece of equipment or service. Wellness programs generally do not fall under the HIPAA guidelines. For example, it is okay for a health care provider to send a flyer about its new weight loss program to all clients defined as obese, even if the treatment they received was not for obesity.

Requirements for Fundraising: Many organizations that have access to Protected Health Information about their patients or members need to know the specific guidelines for using this data in their fundraising efforts. HIPAA regulations require that the organization obtain a patient’s authorization for many fundraising activities.

  • Protected Health Information (PHI) that can be used for fundraising without obtaining a patient’s authorization includes: date of service and demographic information (including address, age, gender, insurance status).
  • PHI that cannot be used without a patient first giving authorization includes: their diagnosis, the nature of services or treatment, and the place where the patient receives treatment if it identifies the treatment (for example, Department of Obstetrics).

A healthcare provider that intends to use protected health information to contact a patient to raise funds must give the patient a “Notice of Privacy Practices.” Any fundraising efforts made by covered entities must include opt-out language. For example, an opt-out provision must be included when fundraising material is sent to former patients. An informational newsletter does not require the opt-out language; however, if you include a BRE to solicit funds, you would be required to include opt-out language. Health related associations like the American Heart Association or the American Diabetes Association are generally NOT subject to HIPAA, unless they engage in activities that would make them a “covered entity.” An example would be if they operated a pharmacy.

HIPAA and Design Distributors: DDI recently completed a rigorous audit of our data security and general plant. As a result, we are now considered to be “HIPAA compliant.” This is an ongoing process and, as such, our company must continually improve and update our security. There is no such classification as “HIPAA certified.” DDI has the security processes in place to handle data from organizations that maintain Protected Health Information (PHI). We followed the ISO 27001 standards for the framework to create our data management system.

What does DDI’s HIPAA compliance mean to YOU?
DDI is a secure facility. We have passed the rigorous audit process to become HIPAA compliant. This should give you the peace of mind that your data is safe. Our HIPAA compliance raises the bar on our data security and is in place for all of our clients, even those who do not fall under HIPAA guidelines but are concerned about their data.

Resource: http://www.ahp.org


Copyright Design Distributors, Inc. 2015,
300 Marcus Blvd., Deer Park, NY 11729 . Phone: (631) 242-2000 Fax: (631) 242-7367