HIPAA
What is HIPAA?
HIPAA is an acronym for the Health Insurance Portability and Accessibility Act of 1996. The
purpose of this federal legislation is to improve the efficiency and
effectiveness of the health care system by standardizing the electronic data
interchange of certain administrative and financial transactions, and protect
the security and privacy of transmitted information. HIPAA required the
Department of Health and Human Services (DHHS) to develop standards in three
major areas:
- Electronic Data, including electronic transactions, code sets, and
  unique identifiers (individual, employer, provider, and health plan);
- Privacy of health information; and
- Administrative, physical, and technical security.
It has taken several years for the federal government to adopt the administrative rules to
implement this legislation, and most of the rules have now been adopted and
compliance dates for implementation have been issued.
All health care providers that choose to electronically transmit any of the
covered transactions (such as electronic billing) are required to implement all
of the HIPAA provisions. DHHS has defined case management as an "atypical health
care service." Another category of "atypical health care service" is
rehabilitation services, such as home and community based services.
What Does This Mean?
The federal government is developing standard identification numbers, standard
transaction codes, and billing forms that will replace the multiple code sets
and forms used by health plans, both private and public. Therefore, the
Department of Human Services should notify all Medicaid providers of the changes
in billing forms, billing codes and provider numbers by October 16, 2002, the
date they are required to comply with this provision.
The privacy provisions under the HIPAA rules define who is authorized to access
information and the right of individuals to keep information about themselves
from being disclosed. There are five basic principles of the HIPAA privacy
provision. They are:
- CONSUMER CONTROL: Consumers have new rights to control the release of
  medical information.
- BOUNDARIES: Health information should be used for health purposes only (i.e.
  treatment and payment) with few exceptions.
- PUBLIC RESPONSIBILITY: The balance of privacy protections with the public
  responsibility to support national priorities.
- SECURITY: Organizations are responsible for protecting health information
  against misuse and disclosure.
- ACCOUNTABILITY: There will be federal penalties if a patient’s right to
  privacy is violated.
DHHS has not completed the final rules for the security provisions and therefore there
is no date set for compliance. Generally they have been giving two years
following the effective date of the administrative rules.