Indian Health Service Logo: takes you to the Home Page
Indian Health Service: The Federal Health Program for American Indians and Alaska Natives

 
Advanced Search by Google search
     HOME      ABOUT  I H S   SITE MAP     HELP
Resources for
IHS Management

   
  IHS HIPAA Home  
     
  CMS - HIPAA  
     
  HIPAA Training  
     
  Compliance Team  
     
  Compliance Project  
     
  Events  
     
  Electronic Reading Room  
     
  Links  
     
  FAQs  
   
  Please email questions or comments to HIPAA Web Contact.  
   
graphic header: Indian Health Service
HIPAA

FAQs

Contents

General

HIPAA Overview

By Topic

By Rule

General

HIPAA Overview

Q. What is HIPAA?

A. The Health Insurance Portability and Accountability Act (HIPAA) is also known as the Kennedy-Kassebaum bill. It was first proposed with the simple objective to assure health insurance coverage after leaving a job. Congress added an Administrative Simplification section to the bill.

The goal of the Administrative Simplification section of the bill was to save money. It was requested and supported by the health care industry because it standardized electronic transactions and required standard record formats, code sets, and identifiers.

The impact of Electronic Standardization, however, was that it increased risk to security and privacy of individually identifiable health information. Because Congress did not provide legislation defining the privacy and security requirements of HIPAA, the Department of Health and Human Services (DHHS) was required to provide them.

There are currently four proposed or final rules from DHHS for HIPAA:

1. Transaction and Code Set standards (Final)
2. Privacy standard (Final)
3. Security standard (Proposed)
4. Identifier standards (Proposed)

Q. Are Tribes required to be compliant under HIPAA?  

A. Yes, On May 13, 2003 the IHS Director sent a letter to Tribal Leaders informing them that they are covered entities under HIPAA. This is explained in the second paragraph of the attached letter from the IHS Director. http://www.ihs.gov/tribalLeaders/TribalLetters/2003_Letters/05-13-2003_Letter.pdf

Q. Can Tribes, Tribal Organizations, and Urban continue to submit information to the IHS National Patient Information Reporting System (NPIRS) with HIPAA Privacy Standards?  

A.   Yes. This is explained in the third paragraph of the attached IHS Director's May 13, 2003 letter to Tribal leaders. http://www.ihs.gov/tribalLeaders/TribalLetters/2003_Letters/05-13-2003_Letter.pdf

 

Q. Who do I contact if I feel my HIPAA Privacy rights have been violated?

A. It is suggested that you address the issue with you healthcare provider first. If you do not feel that you complaint has been adequately addressed you can file a compliant with the Office of Civil Rights(OCR), the Federal Government office that is responsible for enforcing HIPAA Privacy regulations. The WEB address for OCR HIPAA questions is http://www.hhs.gov/ocr/hipaa/ .

 

 

By Topic

See the HHS Frequently Asked Questions (FAQ) by Topic

By Rule

Transaction Standards - See the HHS Transaction Standards FAQ

Q. Will RPMS be compliant with the HIPAA Transaction Rule by October 16, 2002?

A. There will be two options for HIPAA transaction compliance for RPMS.

1.     Use RPMS transactions. RPMS transactions are on schedule to be fully compliant for the following transaction types:

  • 270 (Eligibility/Benefit Inquiry)

  • 271 (Eligibility/Benefit Information Response)

  • 835 (Health Care Claim Payment/Advice)

  • 837 (Health Care Claim)

2.     Use a clearinghouse. Any transactions can be forwarded to a clearinghouse where they will be formatted to meet all HIPAA transaction requirements. This solution has the advantage that once the agreements are in place to use its services, the clearinghouse will be responsible for putting in place all payer agreements, thus potentially providing a substantial reduction in administrative costs.

Either of these options will provide HIPAA transaction compliance by the required deadline of October 16, 2002.

Code Set Standards - See the HHS Code Set Standards FAQ.

Identifier Standards - See the HHS FAQ pages for the following Identifiers:

Privacy Standards - See the HHS Privacy Fact Sheet, HHS Privacy Guidance Document and the HHS FAQ section.

Security Standards - See the HHS Security FAQ.

Q. Does the HIPAA Security Rule require encryption when individually identifiable health information is sent over a network?

A. We are assured that the final HIPAA Security Rule will require encryption only when individually identifiable health information is sent over a public network, such as the Internet. Encryption will not be required for other network connections, such as dial-up lines and Intranets.

Q. I have heard that the HIPAA Security Rule only requires standard security practices. Does the HIPAA Security Rule have significant new requirements?

A. The Chain of Trust Partner Agreement is the only significant new security requirement under the proposed Security Rule. When the final Security Rule is released later this year, we will have to verify that this is still true.

Please email questions or comments to HIPAA Web Contact.

 
   
Accessibility  --  Disclaimer  --  Website Privacy Policy  --  Freedom of Information Act
Kids Page  --  Contact Information  --  FirstGov  --  HHS

This file last modified: Friday April 16, 2004  11:18 AM