The Health Insurance Portability and Accountability Act (HIPAA) was passed to help facilitate better availability of health insurance for individuals and families, to combat fraud, and to develop security standards for health care record information. HIPAA is Public Law 104-191, signed into effect on August 21, 1996, by President Clinton. It is defined as
HIPAA has several purposes. HIPAA limits exclusions for pre-existing conditions that can be used to deny coverage. It ensures the proper transfer of patient information to a new insurer. It also prevents discrimination in enrollment based on a person's health status. Another part of HIPAA directs the Secretary of Health and Human Services to develop and implement a set of uniform standards for the electronic exchange of health care information. In general, HIPAA:
HIPAA has some teeth! The fines and penalties provided for in the law can call for imprisonment up to ten years for willful violation and fines up to $250,000. Penalties for violation can include fines against individuals and institutions; failure to comply with standards may result in a $100 fine per occurrence (to a maximum fine of $25,000 per year). Willful disclosure of identifiable health information can result in a $50,000 to $250,000 fine per incident. In addition, the individual responsible for disclosure may face imprisonment of one to ten years, as well as a possibility of forfeiture of assets.
HIPAA has a large impact on information technology resources. Section 1173 of the act promotes standards to enable electronic exchange of data. This section directs the establishment of standards for Unique Health Identifiers, Code Sets, and Security Standards for Health Information, Electronic Signature, and Transfer of Information among Health Plans. HIPAA Standards and Guidelines have been implemented. The EDI Standard used for HIPAA is the X12 4010 standard and the X12 4010A (Addenda). Changes to the HIPAA standard were addressed and passed in October 2002 by the ANSI Standards Committee.
Who is affected by HIPAA and subject to compliance regulations? The list includes Fiscal Intermediaries, also known as claims processors, Health Plans, Employers, and Health Care Providers. The definition of a health care provider was specifically spelled out in the Federal Register as it applies to HIPAA: "any other person furnishing health care services or supplies" (other than those under the statutory definition of provider) "that maintain or transmit automated health information."
Security and technology standards were developed to meet the following guidelines: