As a leader in pharmaceutical distribution and specialty healthcare services, AmerisourceBergen and its affiliated companies realize the importance of the Federal HIPAA regulations as they relate to our customers and associates, and are currently implementing a program to begin HIPAA awareness in our drive toward compliance.
Although HIPAA does not affect every aspect of our business, AmerisourceBergen is committed to achieving full compliance with the HIPAA regulations as they relate to our external customers and our associates. In addition, we are working closely with our vendors to determine their appropriate compliance as it impacts ABC strategy. It is the goal of ABC to ensure that our staff meets their HIPAA commitment while assisting our customers in meeting their HIPAA goals. AmerisourceBergen currently has a Privacy executive who manages the Privacy Office and a Security Director who manages the Enterprise Security function. Both functions are designed to direct and monitor the ongoing initiatives within AmerisourceBergen operations. Additionally, we are working towards compliance to ensure that systems, policies and procedures are in place to support the initiative.
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a significant healthcare reform law that passed Congress in 1996. This regulation's primary purpose is to:
- Improve efficiency and effectiveness of healthcare through standardization of all shared electronic information
- Protect the privacy and security of patient information stored and exchanged electronically
- Reduce the cost of exchanging information among healthcare partners
Compliance with HIPAA is a phased-in approach that will vary in complexity based upon the type of organization. AmerisourceBergen will be working within the guidelines established by the regulatory body to ensure compliance.
HIPAA can be divided into 3 components:
Privacy - These regulations address Protected Health Information (PHI) and Individually Identifiable Health Information (IIHI). Compliance with these regulations is required by April 14, 2003.
PHI - Protected Health Information: PHI preserves an individual's right to adequate notice of the uses and disclosures of PHI that may be made by the covered entity, and of that individual's rights and the covered entity's legal duties with respect to PHI. Under the HIPAA Privacy Rule, a consent is a general document that gives health care providers that have a direct treatment relationship with a patient permission to use and disclose all protected health information (PHI) only for treatment, payment and other health care operations (TPO). An authorization is more detailed and specific than a consent, and gives providers permission to use specified PHI for purposes which are generally other than TPO, or to disclose PHI to a third party specified by the individual.
IIHI - Individually Identifiable Health Information: IIHI is covered under the new HIPAA federal regulations. To preserve patient privacy and to comply with the regulations, this type of information should NOT be transferred from a secure environment to an insecure environment (i.e., unencrypted email, laptop, desktop or a Personal Digital Assistant (PDA)/handheld device).
Transaction Code and Unique Identifiers (TCI) - This part of HIPAA deals with standardizing transaction formats, codes and national identifiers for providers, patients, etc. Standardized code sets include those that are used for healthcare transmission such as the CPT-4, NDC and ICD-9 code sets. Required compliance for transaction and code sets is by October 16, 2003. Employer identifier compliance is required by July 30, 2004.
Security - The HIPAA Security Regulation defines administrative, physical and technical security safeguards to protect the confidentiality, integrity and availability of "electronic protected health information." The security standards require covered entities to implement basic safeguards to protect electronic protected health information from unauthorized access, alteration, deletion, and transmission. Among the safeguards are risk assessments, disaster recovery plans, facility access controls and security awareness training requirements.
The HIPAA Security Regulation was finalized on February 20, 2003. While the compliance date for the HIPAA Security Regulation is April 21, 2005, compliance with the HIPAA Privacy Regulation relies upon the implementation of several safeguards contained in the HIPAA Security Regulation.
AmerisourceBergen HIPAA Contact Information:
For additional information on HIPAA at AmerisourceBergen, contact the Privacy Office at 1.610.727.2300 or use the email HIPAA@amerisourcebergen.com.
For complaints on HIPAA at AmerisourceBergen, contact the Corporate Privacy Office at 1.610.727.2300 or use the email HIPAAabuse@amerisourcebergen.com.
For anonymous HIPAA complaints, please contact the Corporate Privacy Office at 1.800.241.5689.