HIPAA
FAQ
What is HIPAA?
The Health Insurance Portability and Accountability Act. Put off and delayed,
some might even say ignored, due to healthcare's recent focus on Y2K,
the Health Insurance Portability and Accountability Act, or HIPAA, has
now achieved critical status for the industry. Healthcare organizations
have just a few more months to comply with rules that will fundamentally
affect many of the ways healthcare conducts its business.
The Health Insurance Portability and Accountability Act or HIPAA will:
- Change the way healthcare organizations exchange electronic health care
data;
- Establish new standards for (1) administrative health care transactions,
(2) procedure and diagnosis coding and (3) identification numbers for
providers, insurers and individuals;
- Create new security rules to ensure the safety and privacy of individually
identifiable healthcare information and records.
Who must comply with the Electronic Signature standard?
Any healthcare provider, health care clearinghouse, or health plan that
employs an electronic signature in the transmission of one of the transactions
adopted under HIPAA. The electronic signature standard applies only to
the transactions adopted under HIPAA.
Do security requirements apply only to the transactions adopted under HIPAA?
No. The security standard applies to all individual health information
that is maintained or transmitted. This is much broader than the specific
transactions currently defined in the law.
Do the Security Standards apply to paper documents?
The most significant change from the proposed regulations is that they
now extend to all individual identifiable health information in the hands
of covered entities, regardless of whether the information is or has been
in electronic form. This includes purely paper records and oral communications.
Does the Security Standard require use of specific technologies?
No. The Security Standard is "technologically neutral" in order
to facilitate use of the latest and most promising technologies that meet
the needs of different healthcare organizations. The security standard
is a compendium of security requirements that must be satisfied. While
all organizations will be required to meet the basic requirements, particular
solutions will likely vary based upon organizational size and complexity.
How will smaller providers be affected?
The proposed security standard does not require extraordinary measures.
It involves taking actions that assure the security of the information
to be protected. The standard does not dictate specific technologies.
The requirements of the standard may be implemented in a number of ways,
depending upon the security needs and technologies in place at each business
and upon agreements among businesses that work together.
What are the required timelines for achieving compliance with HIPAA regulations?
According to HHS rules, the implementation deadline will be two years
and two months after the final HIPAA regulations are released.
What benefits do the new HIPAA regulations provide to healthcare organizations?
There are at least three important potential benefits:
- The standardization of electronic data interchange may significantly
improve information transfer between payer and provider.
- Codification of electronic data standards may position providers to
efficiently move their services onto the Internet.
- It provides healthcare organizations with an opportunity to streamline
and simplify their operations and infrastructure, thereby providing a
significant potential for savings.
For example, a large amount of physician practice time is currently
spent on administrative processing. We expect that administrative needs
may significantly decrease with implementation of HIPAA standards.