HIPAA: what it means (and doesn't mean) for your practice.Title II of the Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996.
According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when of 1996 (HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, ) deals with Administrative Simplification in the delivery of healthcare. The components of this section include electronic transactions and code sets, security, unique identifiers, and patient privacy. Its purpose is to improve the effectiveness and efficiency of the Medicare and Medicaid Medicare and Medicaid
U.S. government programs in effect since 1966. Medicare covers most people 65 or older and those with long-term disabilities. Part A, a hospital insurance plan, also pays for home health visits and hospice care. programs, other federal healthcare programs, private-payer health programs, and the healthcare industry in general by "enabling the efficient electronic transmission of certain health information." (1)
Patient privacy is one area of concern to most physician practices. The penalties for HIPAA noncompliance are severe, and many practices have spent a considerable amount of time and money trying to ensure that they meet HIPAA requirements.
Shortly after the HIPAA regulations were published, there was some confusion within the healthcare community about whether HIPAA regulations would prevent electronic forms of communication between physicians and their patients. In fact, one of the goals of HIPAA is to facilitate increased use of electronic channels for the delivery and operations of healthcare.
In a letter dated May 17, 2004, the Office for Civil Rights (OCR) in the U.S. Department of Health and Human Services Noun 1. Department of Health and Human Services - the United States federal department that administers all federal programs dealing with health and welfare; created in 1979
Health and Human Services, HHS (HHS) sent a letter to healthcare providers clarifying this common misconception about HIPAA protections. In the letter, the OCR stated that "doctors can continue to use e-mail, telephone, or fax machines to communicate with patients, providers, and others using common sense, appropriate safeguards to protect patient privacy." In addition, HIPAA does not require providers to eliminate all incidental disclosures. Incidental disclosures do not violate HIPAA if the covered entity has "common sense policies which reasonably safeguard" protected health information protected health information Health informatics Any individually identifiable health informatlon that is used or circulated by an entity that falls under the governance of HIPAA; the privacy regulations mandate safeguards for protected health information, and the .
The HIPAA section on electronic transactions and code sets states that all healthcare providers must use, and health plans must accept, the standard code sets as mandated by HIPAA. These standards include:
* the current version of the AMA's Current Procedural Terminology Current Procedural Terminology See CPT. (CPT[R]), which includes the CPT codes and modifiers;
* the Health Care Financing Administration Health Care Financing Administration,
n.pr department in the U.S. agency of Health and Human Services responsible for the oversight of the Medicaid and Medicare benefit programs, including guidelines, payment, and coverage policies. Common Procedure Coding System (HCPCS):
* ICD-9-CM ICD-9-CM International Classification of Disease, 9th edition, Clinical Modification
A standardized classification of disease, injuries, and causes of death, by etiology and anatomic localization and codified into a 6-digit number, which allows , Volumes 1, 2, and 3;
* National Drug Codes (NDC); and
* the ADA's Code on Dental Procedures and Nomenclature.
This standardization of code sets meant that health plans, including state Medicaid programs, could no longer use "local codes" or other nonstandard codes in electronic transactions after the implementation date of December 31, 2003. Health plans are not permitted to require physicians to make changes or additions to a standard claim, and health plans are not permitted to refuse or delay payment for a proper standard transaction. (2) However, these HIPAA protections apply only to claims filed electronically.
On January 23, 2004, HHS published the final rule that adopts the National Provider Identifier National Provider Identifier Medicare A unique 8 character ID assigned by the National Provider System to providers/suppliers who bill for services or goods. See Medicare Identification Number, NSC, OSCAR, UPIN. (NPI) as the standard unique identifier for healthcare providers. The effective date of the rule was May 23, 2005. Physicians were permitted to begin applying for an NPI on that date. The compliance deadline for the NPI is May 23, 2007, at which time covered entities under HIPAA will use only the NPI to identify the healthcare provider in all standard transactions. The NPI will consist of a 10-digit numeric identifier--nine numbers plus a check-digit for the tenth number. A healthcare provider's NPI will never expire, and all other provider numbers (Unique Physician Identification Numbers, private payer identification numbers, Medicare provider numbers) will no longer be permitted in a standard transaction.
The goal of the Administrative Simplification section of HIPAA is to maximize the use of technology in the delivery of healthcare through the implementation of standards that all components of the system can use. Technology such as electronic data interchange See EDI.
(application, communications) electronic data interchange - (EDI) The exchange of standardised document forms between computer systems for business use. EDI is part of electronic commerce. (EDI), standardized transactions and code sets, and standardized unique identifiers will streamline the operational aspects of healthcare and provide consistency for physician practices.
Additional information about HIPAA and Administrative Simplification can be found on the CMS Web site at www.cms.hhs.gov/hipaa/hipaa2/default.asp.
(1.) Federal Register, August 17, 2000;65(160):50311.
(2.) Solomon C. HIPAA technology provisions. University of Kentucky The University of Kentucky, also referred to as UK, is a public, co-educational university located in Lexington, Kentucky. Chandler Medical Center The Chandler Medical Center at the University of Kentucky in Lexington, Kentucky is comprised of the following:
LINDA TALIAFERRO, MHCM
Director of Regulatory and Socioeconomic Affairs American Academy of Otolaryngology--Head and Neck Surgery