General
HIPAA
Overview
Q. What is HIPAA?
A. The Health Insurance Portability and Accountability Act (HIPAA) is also known as the Kennedy-Kassebaum bill. It was first proposed with the simple objective to assure health insurance coverage after leaving a job. Congress added an Administrative Simplification section to the bill.
The goal of the Administrative Simplification section of the bill was to save money. It was requested and supported by the health care industry because it standardized electronic transactions and required standard record formats, code sets, and identifiers.
The impact of Electronic Standardization, however, was that it increased the risk to the security and privacy of individually identifiable health information. Because Congress did not provide legislation defining the privacy and security requirements of HIPAA, the Department of Health and Human Services (DHHS) was required to provide them.
There are currently four proposed or final rules from DHHS for HIPAA:
1. Transaction and Code Set standards (Final)
2. Privacy standard (Final)
3. Security standard (Proposed)
4. Identifier standards (Proposed)
Q. Are Tribes required to be compliant under HIPAA?
A. Yes. On May 13, 2003, the IHS Director sent a letter to Tribal Leaders informing them that they are covered entities under HIPAA. This is explained in the second paragraph of the attached letter from the IHS Director. http://www.ihs.gov/tribalLeaders/TribalLetters/2003_Letters/05-13-2003_Letter.pdf
Q. Can Tribes, Tribal Organizations, and Urban continue to submit information to the IHS National Patient Information Reporting System (NPIRS) with HIPAA Privacy Standards?
A. Yes. This is explained in the third paragraph of the attached IHS Director's May 13, 2003 letter to Tribal leaders. http://www.ihs.gov/tribalLeaders/TribalLetters/2003_Letters/05-13-2003_Letter.pdf
Q. Who do I contact if I feel my HIPAA Privacy rights have been violated?
A. It is suggested that you address the issue with your healthcare provider first. If you do not feel that your complaint has been adequately addressed, you can file a complaint with the Office of Civil Rights (OCR), the Federal Government office that is responsible for enforcing HIPAA Privacy regulations. The web address for OCR HIPAA questions is http://www.hhs.gov/ocr/hipaa/.
By Topic
See the HHS Frequently Asked Questions (FAQ) by Topic
By Rule
Transaction Standards - See the HHS Transaction Standards FAQ
Q. Will RPMS be compliant with the HIPAA Transaction Rule by October 16, 2002?
A. There will be two options for HIPAA transaction compliance for RPMS.
1. Use RPMS transactions. RPMS transactions are on schedule to be fully compliant for the following transaction types:
   - 270 (Eligibility/Benefit Inquiry)
   - 271 (Eligibility/Benefit Information Response)
   - 835 (Health Care Claim Payment/Advice)
   - 837 (Health Care Claim)
2. Use a clearinghouse. Any transactions can be forwarded to a clearinghouse where they will be formatted to meet all HIPAA transaction requirements. This solution has the advantage that once the agreements are in place to use its services, the clearinghouse will be responsible for putting in place all payer agreements, thus potentially providing a substantial reduction in administrative costs.
Either of these options will provide HIPAA transaction compliance by the required deadline of October 16, 2002.
Code Set Standards - See the HHS Code Set Standards FAQ.
Identifier Standards - See the HHS FAQ pages for the following Identifiers:
Privacy Standards - See the HHS Privacy Fact Sheet, HHS Privacy Guidance Document and the HHS FAQ section.
Security Standards - See the HHS Security FAQ.
Q. Does the HIPAA Security Rule require encryption when individually identifiable health information is sent over a network?
A. We are assured that the final HIPAA Security Rule will require encryption only when individually identifiable health information is sent over a public network, such as the Internet. Encryption will not be required for other network connections, such as dial-up lines and Intranets.
Q. I have heard that the HIPAA Security Rule only requires standard security practices. Does the HIPAA Security Rule have significant new requirements?
A. The Chain of Trust Partner Agreement is the only significant new security requirement under the proposed Security Rule. When the final Security Rule is released later this year, we will have to verify that this is still true.
Please email questions or comments to HIPAA Web Contact.