HIPAA The Law Explained. Click here to view the HIPAA information.

Transcription

1 HIPAA The Law Explained Click here to view the HIPAA information.

2 HIPAA - Provisions 5 Major Provisions/Titles Title 1 Title 2 Title 3 Title 4 Title 5 More Information on Administrative Simplification and Insurance Reform

3 HIPAA Provisions Title 1 5 Major Provisions/Titles Title 1 Title 2 Title 3 Title 4 Title 5 Health Insurance Access, Portability, and Renewability HIPAA Title I deals with protecting health insurance coverage for people who lose or change their jobs More Information on Administrative Simplification and Insurance Reform

4 HIPAA Provisions Title 2 5 Major Provisions/Titles Click below to see a chart on covered entities. Title 1 Title 2 Title 3 Title 4 Title 5 Adobe Acrobat 7.0 Document Preventing Healthcare Fraud & Abuse, Administrative Simplification, & Medical Liability Reform HIPAA Title II includes an administrative simplification section which: 1. Deals with the standardization of healthcare related information systems; 2. Defines numerous offenses relating to health care and sets civil and criminal penalties for them. HIPAA Title II required the Department of Health and Human Services (DHHS) to establish and adopt national standards for electronic healthcare transactions. The national standards apply to the following Covered Entities : a. Healthcare Providers - Any provider of medical or other health services, or supplies, who transmits any health information in electronic form in connection with a transaction for which standard requirements have been adopted b. Health Plans - Any individual or group plan that provides or pays the cost of healthcare. c. Healthcare Clearing Houses - A public or private entity that transforms healthcare transactions from one form to another More Information on Administrative Simplification and Insurance Reform

5 HIPAA Provisions Title 3 5 Major Provisions/Titles Title 1 Title 2 Title 3 Title 4 Title 5 Tax-related Health Provisions Title III provides for certain deductions for medical insurance, and makes other changes to health insurance law. More Information on Administrative Simplification and Insurance Reform

6 HIPAA Provisions Title 4 5 Major Provisions/Titles Title 1 Title 2 Title 3 Title 4 Title 5 Application and Enforcement of Group Health Insurance Requirements Title IV specifies conditions for group health plans regarding coverage of persons with preexisting conditions, and modifies continuation of coverage requirements. More Information on Administrative Simplification and Insurance Reform

7 HIPAA Provisions Title 5 5 Major Provisions/Titles Title 1 Title 2 Title 3 Title 4 Title 5 Revenue Offsets Title V includes provisions related to companyowned life insurance, treatment of individuals who lose U.S. citizenship for income tax purposes and repeals the financial institution rule to interest allocation rules. More Information on Administrative Simplification and Insurance Reform

8 HIPAA Accountability & Portability Health Insurance Portability and Accountability Act (HIPAA) Click here for more info Click here for more info Administrative Simplification Accountability Insurance Reform Portability Transaction Code Sets, and Identifiers Compliance Date 10/16/03 Privacy Compliance Date 4/14/03 Security Compliance Date 4/26/05 Enforcement Compliance Date 3/16/06 Note: The Administrative Simplification sections of HIPAA are most relevant to health care providers while the Insurance Reform sections are most relevant to payers.

9 HIPAA Administration Simplification Electronic Transactions Privacy Security Enforcement Administrative Simplification consists of standards for the following areas: A. Electronic Transactions B. Privacy C. Security 1. Transactions 2. Code sets 3. Unique identifiers D. Enforcement Return to the Accountability & Portability Chart

10 HIPAA Administration Simplification Electronic Transactions Electronic Transactions Privacy Security Enforcement 1. Electronic transaction activities involve the transfer of electronic information for specific purposes. Electronic Data Interchange (EDI) is the leading media for electronic transactions 2. Code Sets are values that are used in the data fields to identify conditions, procedures and entities. Under HIPAA, local procedure codes were eliminated and replaced with National Standard Healthcare Common Procedure Coding System (HCPCS) is divided into two principal subsystems, referred to as level I and level II of the HCPCS. These are the code sets that have been selected as the National Standards and must be used consistently by covered entities. 3. Unique Identifiers - The Centers for Medicare and Medicaid Services (CMS) announced in January 2004, that it was adopting the National Provider Identifier (NPI) as the standard identification system for health care providers on their claim transactions. The NPI is a unique 10-digit identification number issued to health care providers in the United States by the Centers for Medicare and Medicaid Services (CMS) Return to the Accountability & Portability Chart

11 HIPAA Administration Simplification Privacy Electronic Transactions Privacy Security Enforcement The Privacy Rule took effect on April 14, 2003, with a one-year extension for certain "small plans." It established regulations for the use and disclosure of Protected Health Information (PHI). PHI is any information about health status, provision of health care, or payment for health care that can be linked to an individual. Return to the Accountability & Portability Chart

12 HIPAA Administration Simplification Security Electronic Transactions Privacy Security Enforcement The Final Rule on Security Standards was issued by DHHS on February 20, It took effect on April 21, 2003 with a compliance date of April 20, 2005 for most covered entities and April 20, 2006 for small plans. The Security Rule complements the Privacy Rule. While the Privacy Rule pertains to all Protected Health Information (PHI) including paper and electronic, the Security Rule deals specifically with Electronic Protected Health Information (EPHI). It lays out three types of security safeguards required for compliance: administrative, physical, and technical. 1. Administrative: policies and procedures designed to clearly show how the entity will comply with the act 2. Physical: controlling physical access to protect against inappropriate access to protected data 3. Technical: controlling access to computer systems and enabling covered entities to protect communications containing PHI transmitted electronically over open networks from being intercepted by anyone other than the intended recipient. Return to the Accountability & Portability Chart

13 HIPAA Administration Simplification Enforcement Point 1 Electronic Transactions Privacy Security Enforcement WHAT IS IT On February 16, 2006, DHHS issued the Final Rule regarding HIPAA enforcement. It became effective on March 16, The Enforcement Rule sets civil money penalties for violating HIPAA rules and establishes procedures for investigations and hearings for HIPAA violations, however deterrent effects have been negligible with few prosecutions for violations What is it Who s Responsible Fines Jail Time Return to the Accountability & Portability Chart Click here for more info rosoft Off D

14 HIPAA Administration Simplification Enforcement Point 2 Electronic Transactions Privacy Security Enforcement WHO'S RESPONSIBLE The DHHS Office for Civil Rights (OCR) is responsible for enforcing the HIPAA regulations. The reasoning is that the right of privacy of medical records is a fundamental civil right. In order to put more teeth into the civil penalties, the OCR enforces the civil side, and the DOJ enforces the criminal side. What is it Who s Responsible Fines Jail Time Return to the Accountability & Portability Chart

15 HIPAA Administration Simplification Enforcement Point 3 Electronic Transactions Privacy Security Enforcement Fines What is the civil penalty for failure to comply with HIPAA requirements and standards? a. Not more than $100 for each violation; and b. Not more than $25,000 for all violations of identical type during single calendar year What is it Who s Responsible Fines Jail Time Return to the Accountability & Portability Chart

16 HIPAA Administration Simplification Enforcement Point 4 Electronic Transactions Privacy Security Enforcement JAIL TIME Improperly obtaining or disclosing individual health information, or improper use of unique health identifiers are subject to the following penalties: Fine Prison Knowingly $50,000 1 Year What is it Who s Responsible Fines Jail Time False Pretenses $100,000 5 Years For Profit, Gain or Harm $250, Years Return to the Accountability & Portability Chart

17 HIPAA Portability The Insurance Reform section of HIPAA has changed the practices of health plans and insurers regarding PORTABILITY and CONTINUITY of health coverage in the following ways: 1. Provides limitations on pre-existing condition exclusions. 2. Prohibits discrimination against individuals based on health status. 3. Helps individuals to keep health insurance when they change jobs. 4. Prevents insurers from imposing pre-existing condition exclusions on new members when they have prior creditable coverage. 5. Guarantees that once employers or individuals purchase health insurance, those policies will be renewed. Return to the Accountability & Portability Chart