|
State Medicaid agencies and their business associates can use the data obtained pursuant to the process established under section 1902(a)(25)(I) of the Scial Security Act and applicable state laws, as permitted or required by law. This should include the coordination of payments for services covered under the Medicaid state plan and actions to ensure that correct payment amounts are made under the Medicaid program and that mistaken payments are recovered. If the appropriate legal relationships are established (e.g., business associate agreements under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)), we expect that the data could be released to entities working under contract with a state agency for use in activities such as claims adjudication activities, or for the purpose of recovering improper Medicaid payments. State Medicaid agencies must have procedures in place to ensure that the privacy of individuals is appropriately protected, and that information concerning applicants and beneficiaries is protected in accordance with the requirements of 42 CFR Part 431 Subpart F and the regulations at 45 CFR Parts 160 and 164, which were promulgated under HIPAA and Health Information Technology for Economic and Clinical Health (HITECH) Act.
(FAQ10540)
|
