Printer Friendly

HIPAA: what it means (and doesn't mean) for your practice.

Title II of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) deals with Administrative Simplification in the delivery of healthcare. The components of this section include electronic transactions and code sets, security, unique identifiers, and patient privacy. Its purpose is to improve the effectiveness and efficiency of the Medicare and Medicaid programs, other federal healthcare programs, private-payer health programs, and the healthcare industry in general by "enabling the efficient electronic transmission of certain health information." (1)

Patient privacy is one area of concern to most physician practices. The penalties for HIPAA noncompliance are severe, and many practices have spent a considerable amount of time and money trying to ensure that they meet HIPAA requirements.

Shortly after the HIPAA regulations were published, there was some confusion within the healthcare community about whether HIPAA regulations would prevent electronic forms of communication between physicians and their patients. In fact, one of the goals of HIPAA is to facilitate increased use of electronic channels for the delivery and operations of healthcare.

In a letter dated May 17, 2004, the Office for Civil Rights (OCR) in the U.S. Department of Health and Human Services (HHS) sent a letter to healthcare providers clarifying this common misconception about HIPAA protections. In the letter, the OCR stated that "doctors can continue to use e-mail, telephone, or fax machines to communicate with patients, providers, and others using common sense, appropriate safeguards to protect patient privacy." In addition, HIPAA does not require providers to eliminate all incidental disclosures. Incidental disclosures do not violate HIPAA if the covered entity has "common sense policies which reasonably safeguard" protected health information.

The HIPAA section on electronic transactions and code sets states that all healthcare providers must use, and health plans must accept, the standard code sets as mandated by HIPAA. These standards include:

* the current version of the AMA's Current Procedural Terminology (CPT[R]), which includes the CPT codes and modifiers;

* the Health Care Financing Administration Common Procedure Coding System (HCPCS):

* ICD-9-CM, Volumes 1, 2, and 3;

* National Drug Codes (NDC); and

* the ADA's Code on Dental Procedures and Nomenclature.

This standardization of code sets meant that health plans, including state Medicaid programs, could no longer use "local codes" or other nonstandard codes in electronic transactions after the implementation date of December 31, 2003. Health plans are not permitted to require physicians to make changes or additions to a standard claim, and health plans are not permitted to refuse or delay payment for a proper standard transaction. (2) However, these HIPAA protections apply only to claims filed electronically.

On January 23, 2004, HHS published the final rule that adopts the National Provider Identifier (NPI) as the standard unique identifier for healthcare providers. The effective date of the rule was May 23, 2005. Physicians were permitted to begin applying for an NPI on that date. The compliance deadline for the NPI is May 23, 2007, at which time covered entities under HIPAA will use only the NPI to identify the healthcare provider in all standard transactions. The NPI will consist of a 10-digit numeric identifier--nine numbers plus a check-digit for the tenth number. A healthcare provider's NPI will never expire, and all other provider numbers (Unique Physician Identification Numbers, private payer identification numbers, Medicare provider numbers) will no longer be permitted in a standard transaction.

The goal of the Administrative Simplification section of HIPAA is to maximize the use of technology in the delivery of healthcare through the implementation of standards that all components of the system can use. Technology such as electronic data interchange (EDI), standardized transactions and code sets, and standardized unique identifiers will streamline the operational aspects of healthcare and provide consistency for physician practices.

Additional information about HIPAA and Administrative Simplification can be found on the CMS Web site at


(1.) Federal Register, August 17, 2000;65(160):50311.

(2.) Solomon C. HIPAA technology provisions. University of Kentucky Chandler Medical Center:


Director of Regulatory and Socioeconomic Affairs American Academy of Otolaryngology--Head and Neck Surgery
COPYRIGHT 2005 Vendome Group LLC
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:GUEST EDITORIAL; Health Insurance Portability and Accountability Act of 1996
Author:Taliaferro, Linda
Publication:Ear, Nose and Throat Journal
Article Type:Editorial
Geographic Code:1USA
Date:Jun 1, 2005
Previous Article:Videostroboscopy system.
Next Article:Scarred tympanic membrane.

Related Articles
Get Ready for HIPAA.
Symantec introduces enterprise security manager for HIPAA.
What every business needs to know about HIPAA: most healthcare organizations must comply with HIPAA's Privacy Rule by April 14, 2003--but do all...
First phase of HIPAA gets underway; next compliance deadline is Oct. 16. (Front Page).
U.S. law guides health privacy.
ADA offers HIPAA Security Kit.
Planning for HIPAA medical privacy rules.
HIPAA compliance using serial ATA.

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters