Health Insurance Portability and Accountability Act (HIPAA) is a United States legislation. Through its Privacy Rule and Security Rule it mandates the ‘Covered Entities’ (health plans, healthcare clearinghouses, and healthcare providers) as well as their ‘Business Associates’ (other covered entities or service providers having access to the protected health information) to protect privacy and security of health information (Protected Health Information – PHI).

Key Benefits:

• Reduced risk of information theft and resulting impacts
• Protection of reputation and image
• Prevention of legal actions and penalties
• Increased customer confidence

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary security standard published by the PCI Security Standards Council (PCI SSC). The standard specified security controls to be established by the an organization that accepts, transmits or stores and cardholder data.

Key Benefits:

• Reduced risk of theft of cardholder data and resulting impacts
• Improved customer trust level
• Increased business opportunities due to compliance status

The American Institute of Certified Public Accountants (AICPA) through it Statement on Standards for Attestation Engagement (SSAE 18) requires Reporting on Service Organizations Controls (SOC). These reports needs to be attested by a licensed Certified Public Accountant (CPA). SSAE 18 SOC 1 reports evaluate the effect of the controls at the service organization on the user entities’ financial statement assertion. In addition to this the AICPA also provides reporting on controls related to Confidentiality or Privacy, Processing Integrity, Availability and Security – SOC 2 and SOC 3. A Type 1 Report evaluates suitability of the design of controls while the Type 2 report evaluates suitability of the design and operating effectiveness of controls.

Key Benefits:

• Improvement in internal controls thereby reducing risk exposure
• Increased trust level of all interested parties
• Effective fulfillment of contractual obligations

Meaningful Use Act

Through the provisions of Health Information Technology for Economic and Clinical Health (HITECH) Act, the Centers for Medicare & Medicaid Services (CMS ) and the Office of the National Coordinator for Health IT (ONC) promotes the meaningful use of inter-operable electronic health records (EHR) throughout the United States healthcare delivery system. It promotes the use of Certified EHR Technology (products / applications) that helps improve quality of care. The developers of such EHR Technology are expected to implement a quality management system (QMS) in line with the CMS rules.

Key Benefits:

• Financial benefits to the healthcare providers using the Certified EHR Technology
• Improved internal consistency and efficiency in the development, testing, implementation and support processes
• Increase in trust levels of all interested parties
• Prevention of legal actions and penalties

National Accreditation Board for Hospitals & Healthcare Providers

Insurance Regulatory Authority of India (IRDA) has mandated all small and big Hospitals that provide cashless service to get atleast entry-level NABH accreditation. Certain states in India requires NABH accreditation for Hospital participating in various state Government sponsored insurance schemes. The NABH accreditation requires an Hospital to implement Patient Centered Standards categorized in 5 types and Organization Centered Standards categorized under 5 types.

Key Benefits:

• Enables a Healthcare Organization to participate in Government Sponsored Insurance Schemes
• Helps ensure improved quality care and patient safety
• Increases community confidence in the services provided by an Hospital
• Provides for an overall professional development of hospital clinicians and staff