HIPAA Compliance: Understanding Its Applicability
What is HIPAA?
• HIPAA: Health Insurance Portability and Accountability Act
• It was passed by Congress in 1996
• It includes requirements for:
– Transfer and continuation of health insurance coverage for millions of American workers and their families when they change or lose their jobs
– Reducing healthcare fraud and waste
– Industry-wide standards for healthcare information on electronic billing and other processes
– The protection and confidential handling of protected health information
Whom Does HIPAA Apply To?
Applies to:
• Health Plans
• Healthcare Providers
• Healthcare Clearinghouses
HIPAA Applicability – Health Plans
For health plans, HIPAA rules apply to individual and group plans that provide or pay the cost of medical care. Health plans include:
• Health, dental, vision, and prescription drug insurers
• Health maintenance organizations (“HMOs”)
• Medicare, Medicaid and Medicare supplement insurers
• Long-term care insurers
• Employer-sponsored group health plans
• Government and church-sponsored health plans
• Multi-employer health plans
HIPAA Applicability – Healthcare Providers
HIPAA rules apply to every healthcare provider, regardless of size, who electronically transmits health information in connection with the following transactions:
– claims,
– benefit eligibility inquiries,
– referral authorization requests, or
– other transactions for which HHS has established standards under the HIPAA Transactions Rule
Healthcare providers include:
– All “providers of services” (e.g., institutional providers such as hospitals) and
– “providers of medical or health services” (e.g., non-institutional providers such as physicians, dentists and other practitioners) as defined by Medicare, and any other person or organization that furnishes, bills, or is paid for healthcare
HIPAA Applicability – Healthcare Clearinghouses
• Healthcare clearinghouses are entities that process nonstandard information they receive from another entity into a standard format or data content, or vice versa.
• Healthcare clearinghouses include:
– billing services,
– repricing companies,
– community health management information systems, and
– value-added networks and switches if these entities perform clearinghouse functions.
HIPAA Applicability – Business Associates
• According to HIPAA rules, a business associate is a third-party person or organization that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of individually identifiable health information.
• Business associate functions or activities on behalf of a covered entity include:
– claims processing,
– data analysis,
– utilization review, and
– billing
• Business associate services to a covered entity are limited to:
– legal,
– actuarial,
– accounting,
– consulting,
– data aggregation,
– management,
– administrative,
– accreditation, or
– financial services