The Health Insurance Portability and Accountability Act (HIPAA) (Public Law 104-191, 1996) was created to improve health insurance group portability and continuity coverage to combat health care insurance and delivery waste, fraud, and abuse; promote medical savings accounts use; improve long-term services and coverage access; and simplify health insurance administration.
Regulations for the disclosure of information to participants and beneficiaries are also being created for enforcement with respect to health insurance issuers. Law enforcement programs are coordinated to control fraud and abuse with respect to health plans. Programs are being implemented to conduct investigations, audits, evaluations, and inspections relating to health care delivery and payment. New guidelines and procedures to protect information confidentiality and individual's privacy will also be included, as well as rules to ensure documentation access. A Medicare Integrity Program has been established to review service provider's payment activities. As far as group plans are concerned, enrollment eligibility rules may not be established based on health status or medical conditions under prohibitive discrimination enrollment rules.
New Required Standards
A Health Care Fraud and Abuse Data Collection Program has been established to collect final adverse actions against health care providers, suppliers, and practitioners. A confidentiality clause to assure and protect individual's privacy receiving health care services is included in this reporting measure. Practitioner sanctions and failure to comply have been amended to be "up to $10,000 for each instance." Authorized investigative demand procedures include any records production requirements and testimony concerning the production and authentication of such records. Health Information Electronic Transmission requirements and standards will be implemented for any individually identifiable health information. The standard-setting organization includes the Prescription Drug Program National Council. Information transactions and data elements standards to enable electronic exchange of data will involve security standards. Security standards will be based on a record's system technical capabilities and computerized record system audit trails. Safeguards to ensure information integrity and confidentiality will be scrutinized, as well as threats or hazards and unauthorized use of information disclosure. Electronic signature standards and the information transfer handling process and sequential processing claims are also included in these new standards. Health Information Data Elements will dictate information transmission and reception processes.
HIPAA Summary
HIPAA has an extensive website that includes not only the statutory text for the act but also an overview, misunderstandings, Q&As, and a Provider HIPAA Readiness Checklist to help build awareness of the security of electronic health information transactions, Electronic Data Interchange (EDI), and code sets with regard to unique identifiers and privacy rules. The checklist includes items to determine if, as a health care provider, you are covered by HIPAA, assigned a HIPAA Point Person, understand HIPAA Deadlines, understand how HIPAA affects what you do, and a resource to help one talk to the health plans and payers that are billed. Definitions of terms such as Telemedicine (The use of medical information exchanged from one site to another using electronic communications for the health and education of patients or providers, and to improve patient care) can also be found on the website.
HIPAA Impact on the Real World
Are these new regulations really going to improve our health care programs? It seems that these guidelines will only further confuse healthcare providers and hinder them from providing quality services to the consumer. Because healthcare providers already have tremendous information and paperwork requirements, the ultimate cost will be passed on to the consumers. Filling a prescription these days may take more than standing in line.
Related and Associated Research
The Privacy Act of 1974, as amended at 5 U.S.C. 552a, identifies records access, maintenance, protection and disclosure requirements, and record systems requirements. Also see Public Law 93-579. As with the Freedom of Information Act (FOIA), these requirements bind only federal agencies and cover only records in the possession and control of federal agencies. Associated acronyms include:
- CMS Privacy Office - Centers for Medicare & Medicaid Services
- PHI - Protected Health Information
- HPP - Health Privacy Project
Other associated statutory language can be found in the Code of Federal Regulations, Title 42 - Public Health for the following records and related issues: Health Education Assistance Loan (HEAL) Program, Bonding-Insurance-Retention and Custodial Requirements, Medical Records Records Retention Requirements, Medicaid Issues, Patient Records Confidentiality (Drug and Alcohol), HEAL Lenders, Aged/Disabled Insurance, Medicare Contracts-Requirements, Programs for All-Inclusive Care (PACE), Critical Access Hospital-Clinical, Health Care Practitioners Records Examination, Medicare Program Integrity, Hospital Functions, Rural Health Clinic Report, and Patient Health.
This article was written by Ellie M. Myler, CRM, CBCP. For more information, contact Entium Technology Partners at (888) 757-2045.
Entium Technology Partners develops and implements life-cycle information programs that ensure compliant business rules and standards for all company records regardless of media type. These information programs control the creation, processing, maintenance, distribution, storing, and disposing of all corporate documents and records by combining information policies, processes, and procedures with the appropriate technology tools. Our solutions will allow enterprise-wide access to corporate documents and records while meeting internal security and business continuity needs.
