The following are Frequently Asked Questions and Answers concerning the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
In 1996, Congress passed the Health Insurance Portability and Accountability Act, now more commonly known as HIPAA. The major purpose of the act was administrative simplification. (I.e., Promoting a more efficient health care system by reducing administrative requirements and costs.) HIPAA required the U.S. Department of Health and Human Services (DHHS) to adopt separate regulations covering standardized transactions, privacy of individually identifiable health information, security of individually identifiable health information and unique identifiers for individuals, health care plans, employers and health care providers
"Covered entities" as defined by HIPAA, include health care providers who transmit health care information in electronic form. There are ten specific covered transactions listed in the regulation including (1) health care claim or encounter, (2) health care payment and remittance advice, (3) coordination of benefits, (4) health care claim status, (5) enrollment and disenrollment in a health plan, (6) eligibility for a plan, (7) health plan premium payments, (8) referral certification and authorization, (9) first report of injury, and (10) health claims attachments. All alcohol and substance treatment providers are health care providers under HIPAA. Therefore, any alcohol and substance provider who electronically submits any one of the ten prescribed health care transactions and/or attachments are covered entities under HIPAA.
For health care providers who conduct any one of the above-mentioned health care transactions electronically, the transaction regulations mandate use of a standardized format. The format will be required by all public (Medicaid and Medicare) and private insurers including managed care plans. In additions, the transaction regulations mandate use of prescribed clinical coding systems, e.g., diagnostic and procedure codes. All software systems involving "covered" transactions will need to be HIPAA compliant.
Privacy regulations contain a number of requirements including development/adoption of policies and procedures, patient privacy notices and consent and authorization forms. Providers are also required to designate a Privacy Officer to be responsible for monitoring on-going compliance. It is important to note that once an entity is covered under HIPAA, all personal health information including paper and oral transmissions, is subject to Privacy requirements.