HIPAA - Health Insurance Portability and Accountability Act of 1996




    Overview:


    The following shows HIPAA's breakdown into the five titles and various subtitles:


    HIPAA was the result of the healthcare industry's lobbying for national standards to reduce health care inefficiencies by encouraging the use of information technology for better security and protection. HIPAA requires the Department of Health and Human Services to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. Adopting these standards will improve the efficiency and effectiveness of the nation's healthcare system by encouraging the widespread use of electronic data interchange in healthcare. 1 HIPAA affects pretty much every healthcare organization in the United States. 3 Overall, the act will require a drastic change in how healthcare provider and payer organizations conduct their business. The daily routines of clinicians, administrative staff, researchers and others will be forced to change. 4

    Why:


    There are many reasons why we needed these national healthcare standards put into place; several are listed as follows:
    The long processing time was an issue. It took an average of 90 to 100 days from the time that the patient visited the doctor to when they received payment.
    Accuracy in the old systems created many problems. Keying errors were at a 5% error rate on transactions; interpretation errors with coded information and inconsistent procedures were also the root of many issues.
    Sending the transactions through regular mail resulted in lost, torn, or damaged documents.
    Storage problems occurred because of the many unorganized paper documents; so many transactions were handled daily that they piled up with no official way of storing them.
    To improve portability and continuity of health insurance coverage.
    To stop or lessen fraud and abuse in health insurance and healthcare delivery.
    To simplify the administration of health insurance by creating standardized procedures.
    Prior to HIPAA there were about 400 proprietary electronic claim formats being used throughout the United States.


    For these reasons and more, HIPAA does the following:
    1. Standardization of electronic patient health, administrative and financial data.
    2. Unique health identifiers for individuals, employers, health plans and health care providers.
    3. Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future. 4

    Implementation:


    HIPAA can be very complex and daunting to implement. Because of this, there are many things a healthcare provider or organization can do to get help with the implementation. There is software available to help organizations. An example of this is the downloaded "Intro to HIPAA" training software. This company also has three other HIPAA implementation guides that range up to $45, as well as various other software for helping with the proper implementation of HIPAA regulations. In this particular software, if the user answers 80% or more of the questions, they receive a certification of completion. The following is a screenshot of what this program, which helps implement HIPAA's regulations, looks like: 2

    Companies may also get assistance from hired consultants. Consulting firms began pushing their HIPAA compliance services in 2000. Consultants can help organizations conduct inventory and risk assessments and select vendor products to implement HIPAA's technical provisions. They also can help develop administrative procedures to ensure the security of data. In some situations even seminars are given to teach executives about HIPAA and all of the information surrounding it.
    Even though consultants can provide valuable assistance to healthcare organizations developing and implementing HIPAA regulations, there are plenty of other resources one can turn to for aid. Being a member of the standards development organizations, or having membership in the Workgroup for Electronic Data Interchange or the Association for Electronic Health Care Transactions, can help CIOs meet colleagues who have studied HIPAA's implications in depth and have a wealth of information about the rules. 4

    It is worthwhile to get assistance when implementing the HIPAA regulations because proper implementation is very important. If it is not done, or not done correctly, there can be severe penalties. HIPAA calls for severe civil and criminal penalties for non-compliance, including:
    Fines up to $25,000 for multiple violations of the same standard in a calendar year.
    Fines up to $250,000 and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information. 4

    Most organizations have 24 months from the effective date of the final rules to become compliant. Normally, the effective date is 60 days after a rule is published. Some examples of dates for compliance are as follows:
    The Transactions Rule was published on August 17, 2000; the compliance date for that rule was October 16, 2003.
    The Privacy Rule was published on December 28, 2000, but due to a minor glitch didn't become effective until April 14, 2001. Compliance with the Privacy Rule was required as of April 14, 2003.
    The final Security Rule was published April 21, 2003, with compliance required as of April 21, 2005.
    The final Standard Unique Employer Identifier was published on May 31, 2002. Compliance was required by July 30, 2004. 4
    Compliance requirements include:
    * Building initial organizational awareness of HIPAA
    * Comprehensive assessment of the organization's privacy practices, information security systems and procedures, and use of electronic transactions
    * Developing an action plan for compliance with each rule
    * Developing a technical and management infrastructure to implement the plans
    * Implementing a comprehensive implementation action plan. 3



    References:

    1 http://www.cms.hhs.gov/HIPAAGenInfo
    2 http://www.wpc-edi.com/content/view/533/377
    3 http://www.hipaadvisory.com/regs/HIPAAprimer.htm
    4 http://www.healthdatamanagement.com/HDMSearchResultsDetails.cfm?articleId=4378