HIPAA
is the acronym for the Health
Insurance Portability and Accountability Act
of 1996. HIPAA is arguably the single most significant
Federal legislation affecting the health care
industry since the creation of the Medicare and
Medicaid programs in 1965. Under Title II of HIPAA,
Congress passed the Administrative Simplification
provisions to, among other things, protect
the privacy and security of protected health information
(PHI) and promote efficiency in the health care
industry through the use of standardized electronic
transactions. President Clinton signed the Kassebaum-Kennedy
Health Insurance Portability and Accountability
Act on August 21, 1996.

- To improve portability and continuity of
health insurance coverage in the group and
individual markets
- To combat waste, fraud, and abuse in health
insurance and health care delivery
- To reduce costs and the administrative burdens
of health care by improving efficiency and
effectiveness of the health care system by
standardizing the interchange of electronic
data for specified administrative and financial
transactions
- To protect the privacy of Americans’
personal health records by protecting the
security and confidentiality of health care
information

The
Privacy Rule sets the standards for, among other
things, who may have access to PHI, while the
Security Rule sets the standards for ensuring
that only those who should have access to ePHI
(electronic PHI) will actually have access.
The main impetus behind these rules is to protect
the confidentiality, integrity, and availability
of PHI in any form: written, verbal, or electronic.

History of HIPAA and How the Security Rule Affects You

The Health Insurance Portability and Accountability
Act (HIPAA) is the catalyst for change in healthcare.
Enacted by Congress on August 21, 1996, its purpose
is to enable better access to health insurance,
reduce fraud and abuse and lower the overall cost
of healthcare in the United States.

HIPAA addresses two primary
concerns in healthcare:
portability and accountability. Title I protects
health insurance coverage for workers and their
families when they change or lose their jobs.
Title II, the Administrative Simplification provisions,
requires the Department of Health and Human Services
(HHS) to establish national standards for electronic
health care transactions and national identifiers
for providers, health plans, and employers. It
also addresses the security and privacy of health
data.

HIPAA’s Three Rules

As the agency charged with drafting the act, HHS
distilled the Administrative Simplification provisions
into three rules: the Privacy Rule, Transactions
and Code Set Standard, and the Security Rule.
HHS oversees and enforces the Privacy Rule, while
the Centers for Medicare & Medicaid Services
(CMS) oversees and enforces all other Administrative
Simplification requirements, including the Security
Rule.

Privacy Rule
Compliance deadline: April 15, 2003
The Privacy Rule provides the first comprehensive
Federal protections for the privacy of health
information. It specifically defines the authorized
and unauthorized disclosures and uses of individually
identifiable health information.

Transactions and Code Set Standard
Compliance deadline: October 16, 2003
This rule mandates use of predefined transaction
standards and code sets for communications and
transactions in the healthcare industry.

Security Rule
Compliance deadline: April 21, 2005
The Security Rule addresses security of electronic
protected health information (ePHI). Unlike the
Privacy Rule, which provided broader protection
for all forms of health information—paper, oral,
and electronic—the Security Rule is concerned
with the technical aspects of protecting ePHI.

The Security Rule - What You Need To Know

Prior to HIPAA, no generally accepted set of standards
existed for protecting health information. As
technology evolved, and the healthcare industry
moved from paper processes to computers for administrative
and clinical functions—such as Web-based applications,
CPOE systems and remote access for physicians—the
security standards in HIPAA were developed for
two primary purposes:
- To protect certain electronic health care
information that may be at risk
- To protect individual health data while
permitting appropriate access to that information—and
promote the use of electronic health information
in the industry

HIPAA
security standards are divided into administrative,
physical, and technical safeguards.
- Administrative safeguards include assignment
or delegation of security responsibility to
an individual and security training requirements.
- Physical safeguards are the mechanisms required
to protect electronic systems, equipment and
the data they hold from threats, environmental
hazards and unauthorized intrusion. They include
restricting access to ePHI and retaining
off-site computer backups.
- Technical safeguards are the automated processes
used to protect data and control access to
data. They include using authentication controls
to verify that the person signing onto a computer
is authorized to access that ePHI, or encrypting
and decrypting data as it is being stored
and/or transmitted.

Each
set of safeguards comprises a number of standards,
which in turn comprise implementation specifications
that are either required or addressable. Required
specifications must be implemented; addressable
specifications must be assessed to determine if
they’re reasonable and appropriate in your environment.

HIPAA Benefits

Significant resources need to be invested over
the next several years to achieve compliance with
the HIPAA legislation and to realize the long-term
benefits. The benefits of HIPAA include:
- Lower administrative costs
- Improved efficiency for patients and providers
- Increased customer satisfaction
- Improved security and privacy of information

HIPAA Covered Entities

- Health Plans
- Health Care Providers who use certain electronic
transactions
- Health Care Clearinghouses

HIPAA Provisions

- Transaction Standards and Code Sets
- Privacy
- Security
- National Standard Identifiers
  - Provider
  - Employer
  - Health Plan
  - Individual

HIPAA Transactions and Code Sets (TCS)

The rules for Transactions and Code Sets were
published on August 17, 2000, with modifications
published in May 2002. The compliance date was
October 16, 2002. On December 27, 2001, President
Bush signed HR3323, which provides for a delay
in the implementation of the TCS rules of HIPAA.
This extended the compliance due date to October
16, 2003, if a compliance extension was requested.
Further modifications to the final rule were published
in February 2003. This rule finalizes provisions
applicable to electronic data transaction standards
from two related proposed rules published in the
May 31, 2002 Federal Register. It adopts proposed
modifications to implementation specifications
for health care entities and for several electronic
transaction standards that were omitted from the
May 31, 2002 proposed rules.
The purpose of these regulations is to standardize
the electronic exchange of information (transactions)
between trading partners. These transactions are
mandated to be in the ANSI ASC X12 version 4010
formats. The covered transactions include:

- 270 = Eligibility Inquiry
- 271 = Inquiry and Response
- 276 = Claim Status Inquiry
- 277 = Claim Status Inquiry and Response
- 278 = Authorization Request and Authorization
Response
- 820 = Health Insurance Premium Payment
- 834 = Beneficiary Enrollment
- 835 = Remittance / Payment
- 837 = Claim or Encounter

The
HIPAA Code Set Regulations
establish a uniform standard of data elements
used to document reasons why patients are seen
and the procedures performed during health care
encounters. The HIPAA-specified code sets to be used
are:

- Diagnoses - ICD 9
- Procedures - CPT 4, CDT
- Supplies/Devices - HCPCS
- Additional Clinical Data - Health Level
Seven (HL7)

HIPAA
also specified administrative code sets for use in
conjunction with certain transactions and
eliminated local codes.

HIPAA National Standard Identifiers

These regulations establish standard numerical
identifiers for health plans, providers, and employers
to simplify administrative processes, such as
referrals and billing, to improve accuracy of
data, and reduce costs. The final rule for the
Employer Identifier, which became effective in
July 2002, establishes a standard for a unique
employer identifier and requirements concerning
its use by health plans, health care clearinghouses,
and health care providers. Health plans, health
care clearinghouses, and health care providers
must use the identifier, among other uses, in
connection with certain electronic transactions.
Final rules are pending for the National
Standard Health Care Provider Identifier,
the National Individual Identifier, and the Standard
Unique Health Plan (Payer) Identifier.

Penalties for Failure to Comply with HIPAA

The legislation carries heavy civil and criminal
penalties for failure to comply. The US DHHS Office
for Civil Rights will enforce civil penalties
that may range from $100 per violation
to $25,000 per calendar year. The US Department of
Justice will enforce criminal penalties, which
may include up to 10 years imprisonment and a
$250,000 fine.
An interim final rule on Enforcement was published
in April 2003. It establishes rules of procedure
for the imposition, by the Secretary of Health
and Human Services, of civil money penalties on
entities that violate standards adopted by the
Secretary under HIPAA. The Interim Rule is effective
until September 16, 2004.

EDI Transactions with HIPAA Compliance

With a tremendous interchange of information between
resources, the security measures that enable that
interchange are guided by HIPAA.
Some features of EDI transactions
under HIPAA are listed below.

Features

- Links to those Chapters of the Medicare
Claims Processing Manual (pub.100-04) that
contain further information on Health Insurance
Portability and Accountability Act (HIPAA)
contingency plans.
- The Administrative Simplification Compliance
Act (ASCA) requirement that claims be sent
to Medicare electronically as a condition
for payment.
- How you can obtain access to Medicare systems
to submit or receive claim or beneficiary
eligibility data electronically.