Health Insurance Portability and Accountability Act
Kennedy and Kassebaum are the two senators who conceived and spearheaded the bill, which after enactment came to be known as the Health Insurance Portability and Accountability Act (HIPAA), popularly known as the Kennedy-Kassebaum Act. It was passed in 1996 to create better awareness among people about health insurance and about the rights and protections available to the end beneficiaries of health insurance policies. Several states in the U.S. have modified and expanded the provisions of this act since 1996 to suit their own requirements, depending upon local conditions and locally perceived health insurance needs.
Some of the salient features of HIPAA and its rules, along with general information of reasonable importance, are as follows:
• There are certain private organizations in the U.S. which set the standards for health insurance and all related transactions. Electronic health transactions pertaining to claims, enrollment, eligibility, payment, coordination of benefits, etc. come under the scope of the standards set by these organizations.
• Security of electronic health information systems is an area of vital concern. The standards set by these organizations adequately take care of this aspect.
• These organizations ensure that, by standardizing electronic data interchange, the efficiency of the health care delivery mechanism can be improved and maintained.
• The standards set by these organizations further ensure and enforce that the confidentiality and security of health data are amply and adequately protected.
• HIPAA facilitates and enables the Department of Health and Human Resources to publish new rules that would adequately ensure that patient health data, administrative data and financial data which are in electronic form shall be duly standardized. Unique health identifiers shall be allotted to individuals, employers, health plans and health care providers for easy identification and recognition. HIPAA specifies security standards which protect the confidentiality and integrity of past, present and future health information that is created and maintained on an individually identifiable basis.
• Universities, information system vendors, various service organizations, life insurers, and a range of health care organizations such as health care providers, health plans, public health authorities, health care clearinghouses and self-insured employers come under the ambit of HIPAA.
• An entity covered by HIPAA must maintain the documentation for six years from the date of its creation or the date when it was last modified. The persons responsible for implementing the procedures should have access to this documentation as and when required. Entities should review the documentation periodically, and update and maintain the data as needed.
• The operations and standards followed by different health care organizations are not uniform in several respects, and hence compliance responses are generally not standard among organizations. For example, an organization, depending on its computer network environment, will be required to implement one or more security authentication and access mechanisms such as user-based access, role-based access and context-based access. These mechanisms vary from organization to organization.
• Effective compliance requires organization-wide implementation of several aspects. Compliance requirements include building initial organizational awareness of HIPAA; a comprehensive assessment of the organization's privacy practices, information security systems, procedures, and use of electronic transactions; development of an action plan to ensure compliance with each rule; developing a technical and management infrastructure to implement the plans; and formulating a comprehensive implementation action plan.
• Non-compliers should be ready to face severe civil and criminal penalties, which include fines of up to $25K for multiple violations of the same standard in a calendar year, and fines of up to $250K and/or imprisonment of up to 10 years for willful misuse of individually identifiable health information.
• The compliance deadline is generally 24 months from the effective date of the final rules for most entities. The effective date is 60 days after a rule is published.
• Administrative Simplification of HIPAA consists of four parts, each of which has generated a variety of rules promulgated by the Department of Health and Human Services. The four parts of Administrative Simplification are:
• Standards for Electronic Transactions
• Unique Identifiers Standards
• Security Rule
• Privacy Rule
The term Electronic Health Transactions includes health claims, health plan eligibility, enrollment and de-enrollment, payments for care and health plan premiums, claim status, first injury reports, coordination of benefits, and related transactions. In the past, health providers used many different electronic formats to transact medical claims and related business. To simplify and improve transaction efficiency nationwide, a national standard is being implemented, which would ultimately result in the use of one format. All health plan providers should adopt these standards. However, electronic transactions are required by Medicare, and all Medicare providers must adopt the standards for these transactions. If they don't, they will have to contract with a clearinghouse to provide translation services. Virtually all health organizations must also follow standard code sets to be used in all health transactions. For example, coding systems that describe diseases, injuries, and other health problems, as well as their causes, symptoms and actions taken, must be uniform. The same coding shall be used by all parties to any transaction, for the purpose of reducing errors and duplication of effort. Many health plans, clearinghouses and providers already use the code sets as proposed in the HIPAA standards.
In the past, healthcare organizations used multiple identification formats while conducting business with one another. This was an error-prone approach that more often than not led to confusion. The identifier standard is a viable solution to this problem. The identifier standard for electronic transactions requires hospitals, doctors, nursing homes, and other healthcare providers to obtain a unique identifier when filing electronic claims with public and private insurance programs. Providers can apply for a unique identifier once and keep it if they relocate or switch from one specialty to another.
The Security Rule requires all covered entities to ensure the confidentiality, integrity, and availability of all electronic protected health information that the covered entities create, receive, maintain and/or transmit. The Security Rule requires entities to protect against any disclosures of such information that are not permitted by the Privacy Rule and to ensure compliance by their workforce. The covered entities should ensure application of appropriate policies and procedures, safeguard physical access to electronic protected health information, and further ensure that technical security measures are in place to protect networks, computers and other electronic devices.
The Privacy Rule protects the privacy of all individually identifiable health information in the hands of covered entities, regardless of whether the information is in electronic form or otherwise. It gives patients new rights to access their medical records, restrict access by others, request changes, and learn how their records have been accessed.
The bottom line: HIPAA ensures sweeping changes in most health care transactions and administrative information systems in the U.S.
