HIPAA at DSHS

What is HIPAA?
HIPAA is the acronym of the Health Insurance Portability and Accountability Act of 1996. The main purpose of this federal statute was to help consumers maintain their insurance coverage, but it also includes a separate set of provisions called Administrative Simplification. This section of the act is aimed at improving the efficiency and effectiveness of the health care system. The key components of Administrative Simplification include:
Covered Entities
The HIPAA regulations apply to:
Business associates of a covered entity are not directly controlled by the regulations, but mandatory contracts require them to protect the privacy of individually identifiable information. Government agencies specifically named in the regulations are covered entities, as are agencies that function as a health plan or a health care provider.

Provisions
Electronic Data Interchange (EDI)
These regulations are identified as the Transaction Code Set Standards. The final rules for EDI and Code sets were implemented on October 16, 2003. Several of the transaction regulation standards are still under review and have not been published.
The purpose of these regulations is to standardize the electronic exchange of information (transactions) between trading partners. These transactions are mandated to be in the ANSI ASC X12 version 4010 format. The covered transactions include:
HIPAA specified administrative code sets for use in conjunction with certain transactions, and it eliminated state-specific local codes.

Privacy
These regulations establish standards for protecting individually identifiable health information and for guaranteeing the rights of individuals to have more control over such information. HIPAA privacy regulations were implemented on April 14, 2003. Privacy rules define the rights of individuals and security rules define the process and technology required to ensure privacy.

Security
These regulations establish standards for the security of electronic protected health information (PHI). HIPAA security regulations were implemented on April 21, 2005 for all but small health plans (who must comply by April 20, 2006). The final regulations adopt standards for the security of electronic protected health information (e-PHI). These standards are organized into the following three high-level categories:
National Provider Identifiers (NPI)
These regulations establish the standard unique health identifier for health care providers to simplify administrative processes, such as referrals and billing, to improve accuracy of data, and to reduce costs. The Final Rule was published January 23, 2004. Health care providers began applying for NPIs on the effective date of the final rule, which was May 23, 2005. All health care providers are eligible to be assigned NPIs; health care providers who are covered entities must obtain and use NPIs.
Penalties for Failure to Comply with HIPAA
The legislation carries heavy civil and criminal penalties for failure to comply.
US DHHS Office for Civil Rights will enforce civil penalties that may include penalties from $100 per violation to $25,000 per calendar year.
US Department of Justice will enforce criminal penalties which may include up to 10 years imprisonment and a $250,000 fine.

Last Updated July 22, 2005