What is HIPAA?
The Health Insurance Portability and Accountability Act ("HIPAA"), passed by the US Congress in 1996, will have one of the most far-reaching effects on the providers and payors of healthcare services since the creation of Medicare in 1966.
The "Administrative Simplification" portion of HIPAA was created to:
- Reduce paper, improve security and save the healthcare industry billions in administrative costs by creating a single set of electronic standards for exchanging health information between providers, payors, claims clearinghouses and other entities receiving and storing medical data on individuals;
- Improve the methods to secure confidential patient personal and medical information and guarantee a patient's right to access his/her medical records and control the method by which this information is disclosed; and
- Facilitate the detection and correction of fraud and abuse in healthcare financing.
HIPAA regulations will affect not only practice management technology; their requirements will also affect data collection, claims operations, document storage, medical coding and patient relations.
HIPAA's Four Standards
- Standards for Security and Privacy of Individually Identifiable Health Information (Final Date for Compliance - 4/13/2003)
- Development & Acceptance of Unique Identifiers for:
  - Providers (Final Compliance Date for physicians is May 23, 2007);
  - Health Plans (Pending);
  - Employers (TAX ID numbers in effect now); and
  - Individuals (Final Rule Pending)
- Security and Electronic Signature Standards (Final Compliance Date for Security for Practices – April 21, 2005 – Passed without Electronic Signature Standard)
Who is Covered?
- The regulations will apply to providers, payors and claims or health data clearinghouses.
- The payors required to comply with HIPAA include Medicare, Medicaid, CHAMPUS, the Veterans Administration, all commercial health plans and group welfare benefit plans; the regulations apply even to patients with no health insurance.
Penalties for Non-compliance
Penalties for violating HIPAA regulations range from a low end of not more than $100 per person, per violation, to a high-end fine of not more than $250,000 and/or imprisonment of not more than ten (10) years. The maximum penalties may be levied if protected privacy information was improperly disclosed with intent to sell, transfer, or use it for commercial advantage, personal gain, or malicious harm.