WHAT IS HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a federal act which includes important protections for people who change jobs, are self-employed or who have pre-existing medical conditions. The part of the law labeled Administrative Simplification (HIPAA-AS) is intended to improve the efficiency and effectiveness of the health care system by standardizing the exchange of electronic, administrative and financial data. It is also intended to protect the security and privacy of patient health identifiable information (PHI)

  • Health Plans - Most health plans, including Medicare and Medicaid, ERISA plans, Indian Health, self-administered, except self-administered plans with fewer than 50 participants, must comply.
  • Healthcare Clearinghouses - All healthcare clearinghouses must comply.
  • Healthcare Providers - Any health care provider that conducts certain financial and administrative transactions electronically (e.g., electronic billing and electronic funds transfer) must comply.
  • Business Partners - Business partners of entities required to comply with standards must also comply.

For additional information on how HIPAA-AS will impact you and your business partners, please contact the U.S. Department of Health and Human Services (HHS) – or BlueCross BlueShield of Western New York.

Transaction and code sets are rules that regulate and standardize electronic exchanges of health information between "covered entities" (CE's). All health plans, payors, clearinghouses and providers that process health data electronically are considered CE's. All CE's under the act must use the same standards for electronic transmission of individually identifiable protected health information (PHI). After the established compliance date, if you, as a CE, conduct one of the eight "standard transactions," then you must use the standard electronic language and codes.

Here are the eight standard transactions:

  1. Health care claims or equivalent encounter information
  2. Health care payment and remittance advice
  3. Coordination of benefits
  4. Health care claim status
  5. Enrollment and disenrollment in a health plan
  6. Eligibility for a health plan
  7. Health plan premium payments
  8. Referral certification and authorization

These standard transactions go into effect

  • October 16, 2002 for large health plans
  • October 16, 2003 for small health plans.

Providers are required to comply even if transactions are conducted on their behalf via a third party (business associate).

For additional information on how HIPAA-AS will impact you and your business partners, please contact the U.S. Department of Health and Human Services (HHS) – or BlueCross BlueShield of Western New York.

The Department of Health and Human Services released standards for the privacy requirement of HIPAA.

All covered entities (CE) must follow the rules on use and disclosure of protected health information (PHI). The privacy rules are not limited to the electronic exchange of PHI, but also cover PHI in all forms, such as written, oral, and electronic exchanges.

The compliance dates for the privacy rules are

  • April 14, 2003 for large plans 
  • April 14, 2004 for small plans

With some exceptions, the regulations indicate that a direct treating provider must obtain consent prior to using or disclosing protected health information (PHI)to carry out treatment, payment or health care operations. Except as noted by the regulations, CE's cannot use or disclose protected health information (PHI) without an authorization. This may impact your day-to-day operations. You may wish to consult legal counsel on this issue.

For additional information on how HIPAA-AS will impact you and your business partners, please contact the U.S. Department of Health and Human Services (HHS) –or BlueCross BlueShield of Western New York.

What Should Providers be Doing?

  • Dedicate resources to HIPAA compliance.
  • Continue or start to organize your business for change.
  • Evaluate every system and process. Review how changes in each of these functional areas will affect your business.
  • Get in writing from your system vendor or in-house IS staff what their plans are. Get in writing when they will be ready.
  • Document and communicate new processes
  • Network with other providers, payors and associations on 'best practices' and timelines.
  • Look for future health care news articles on HIPAA information.

For additional information on how HIPAA-AS will impact you and your business partners, please contact the U.S. Department of Health and Human Services (HHS) – or BlueCross BlueShield of Western New York.

There are many national and regional organization which are undertaking various activities in an effort to support the success and implementation of HIPAA.Some of these include:

For additional information on how HIPAA-AS will impact you and your business partners, please contact the U.S.Department of Health and Human Services (HHS) – or BlueCross BlueShield of Western New York.

Health Care Security

For additional information on how HIPAA-AS will impact you and your business partners, please contact the U.S. Department of Health and Human Services (HHS) – or BlueCross BlueShield of Western New York.