goto Indian Health Service home page  Indian Health Service:  The Federal Health Program for American Indians and Alaska Natives

goto Health and Human Services home page goto Health and Human Services home page
picture of Family holding hands
HIPAA – Health Insurance Portability and Accountability Act title
These plug-ins
may be required
for the content
on this page:

Link to Adobe Acrobat Plug-in Acrobat
Link to MicroSoft Word Plug-in MS Word
Link to MicroSoft PowerPoint Plug-in PowerPoint
Link to MicroSoft Excel Plug-in Excel

IHS Plug-in Page

Use site contact
if unable to view
a particular file


Hot Topics:

  • View the current IHS electronic Transaction Testing and RPMS for meeting HIPAA Electronic Transactions and Code Sets standards. Included with the status report are instructions for adding HIPAA required provider and location taxonomy codes to RPMS along with the RPMS Provider Taxonomy Cross-Walk Table.

  • A HIPAA Compliance Packet is provided to assist Area and site level programs in meeting HIPAA Transactions and Code Sets standards.

  • Minutes of conference calls addressing this issue are included as a reference for people who were not able to be on a call.

  • NEW!Updated IHS HIPAA Coordinators: This links to the current IHS HIPAA Coordinators (updated March 2008) who are responsible for their respective Area in all aspects of the Health Insurance Portability and Accountability Act (HIPAA).

    This links to the current colorized pamphlet IHS Notice of Privacy Practices (September 14, 2007) that was developed by the IHS HIPAA Privacy Compliance workgroup consisting of lawyers, health information management consultants and the IHS Privacy Act/HIPAA Privacy Officer.

    This links to the HHS-Office for Civil Rights(OCR)-HIPAA Complaint Form, Instructions to where to file your complaint at the OCR Regional Office.   It is your option to file your complaint directly with the IHS facility where you were treated BUT you may follow the link above to file your complaint directly with Secretary, U.S. Health and Human Services.  Each IHS Area Office should have additional HIPAA Privacy information.

  • IHS HIPAA Compliant Forms/Policies and Procedures
    This links to the HIPAA Policy and Procedure Manual used by the IHS and the forms needed for procedures that require them. These were developed by a workgroup consisting of lawyers, health records personnel and privacy act officers. The Policy and Procedures were updated in September 2007 to be compliant with changes in the HIPAA regulations.

  • APRIL 15, 2005
    The Centers for Medicare and Medicaid Services has awarded Fox Systems, Inc. of Scottsdale Arizona, a five year contract to serve as the National Provider Identifier enumerator contractor.

    Fox Systems will process applications from healthcare providers and assign national standard provider identification numbers in accordance with HIPAA.

    At the time CMS is ready to accept applications for an NPI, health care providers can begin to apply. The NPI must be used on standard transactions with health plans, other than small health plans, no later than May 23, 2007. Providers should not begin using the NPI until health plans have issued specific instructions on accepting NPI on or before May 23, 2007.

    May 23, 2005 was the original date that providers could start applying for an NPI. As of April 5, 2005, CMS has not announced how this process will take place. CMS will announce information about how to contact Fox regarding the NPI as the NPI implementation date approaches.

As passed by the United States Congress, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) will institute administrative reforms that will be phased in over the period 2000-2003. Of major importance in the HIPAA legislation is the issue of data and transaction standardization-a mandate very few healthcare providers can sidestep if they bill third parties for services provided to patients. The law also changes the way health care providers have to protect the privacy of a patient's health information and contains security procedures that must be followed to protect the integrity of a patient's health information.

HIPAA Project Team
Dr. Bob Harry, the Office of the Director IHS, is the national IHS HIPAA coordinator. To carry out his responsibilities, Dr. Harry has formed a multidisciplinary Team. This team will work with Dr. Harry to provide leadership and coordination of all efforts as IHS healthcare programs work to become HIPAA compliant.

The strategic plan developed by the headquarters HIPAA team calls for them to interpret the regulations and develop national policies needed to comply with them. The team will cooperate with regional and national I/T/U programs and provide them with related information and materials as they are developed for HIPAA compliance. Through the HQ HIPAA Team, Dr. Harry will monitor the progress of the HIPAA compliance effort by I/T/U programs.

It is expected that the IHS Area Offices will develop Area HIPAA compliance plans that will include policy development needed to achieve HIPAA compliance at the Area level. Also, the Area Offices will work with the local I/T/U programs in helping them become HIPAA compliant.

HIPAA Background
The Health Insurance Portability and Accountability Act (HIPAA) is also known as the Kennedy-Kassebaum bill. It was first proposed with the simple objective to assure health insurance coverage after leaving a job. Congress added an Administrative Simplification section to the bill (see the Department of Health and Human Services Administrative Simplification Web site for more information).

The goal of the Administrative Simplification section of the bill was to save money. It was requested and supported by the health care industry because it standardized electronic transactions and required standard record formats, code sets, and identifiers.

The impact of Electronic Standardization, however, was that it increased risk to security and privacy of individually identifiable health information. After Congress did not provide legislation defining the privacy and security requirements of HIPAA, the Department of Health and Human Services (DHHS) was required to provide them.

There are currently four proposed or final rules from DHHS for HIPAA:

  1. Transaction and Code Set standards (Final)
  2. Privacy standard (Final)
  3. Security standard (Final)
  4. Identifier standards (Proposed)

This file last modified: Friday March 28, 2008  11:47 AM