Approaching Health Care with HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was passed to help facilitate better availability of health insurance for individuals and families, to combat fraud, and to develop security standards for health care record information. HIPAA is Public Law 104-191, signed into effect on August 21, 1996, by President Clinton.

It is defined as:

An act to amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets; to combat waste, fraud, and abuse in health insurance and health care delivery; to promote the use of medical savings accounts; to improve access to long-term care services and coverage; to simplify the administration of health insurance; and other purposes.[1]

[1] www.hipaa.org.

HIPAA has several purposes. HIPAA limits exclusions for pre-existing conditions that can be used to deny coverage. It ensures the proper transfer of patient information to a new insurer. It also prevents discrimination in enrollment based on a person's health status. Another part of HIPAA directs the Secretary of Health and Human Services to develop and implement a set of uniform standards for the electronic exchange of health care information. In general, HIPAA:

  • Limits exclusions for pre-existing medical conditions.

  • Provides a process for the transfer of information concerning prior coverage to a new insurer.

  • Ensures individual rights for enrollment in health care coverage when situations change.

  • Prohibits discrimination in enrollment based on health status.

  • Directs the development and implementation of a uniform standard for EDI of health care information.

  • Guarantees availability of coverage for small employers.

  • Preserves, with narrow pre-emptive provisions, the states' traditional role in regulating health insurance, including the ability to offer greater protection.

  • Expands the ability to combat fraud and claims abuse in the delivery of health care.

  • Provides tax benefits for self-employed individuals and small businesses.

  • Authorizes limited experimentation with medical savings accounts.

HIPAA has some teeth! The fines and penalties provided for in the law can call for imprisonment up to ten years for willful violation and fines up to $250,000.

Penalties for violation can include fines against individuals and institutions; failure to comply with standards may result in a $100 fine per occurrence (to a maximum fine of $25,000 per year). Willful disclosure of identifiable health information can result in a $50,000 to $250,000 fine per incident. In addition, the individual responsible for disclosure may face imprisonment of one to ten years, as well as a possibility of forfeiture of assets.

HIPAA has a large impact on information technology resources. Section 1173 of the act promotes standards to enable electronic exchange of data. This section directs the establishment of standards for Unique Health Identifiers, Code Sets, Security Standards for Health Information, Electronic Signature, and Transfer of Information among Health Plans. HIPAA Standards and Guidelines have been implemented. The EDI standard used for HIPAA is the X12 4010 standard and the X12 4010A (Addenda). Changes to the HIPAA standard were addressed and passed in October 2002 by the ANSI Standards Committee.

Who is affected by HIPAA and subject to compliance regulations? The list includes Fiscal Intermediaries, also known as claims processors, Health Plans, Employers, and Health Care Providers. The definition of a health care provider was specifically spelled out in the Federal Register as it applies to HIPAA: "any other person furnishing health care services or supplies" (other than those under the statutory definition of provider) "that maintain or transmit automated health information."

Security and technology standards were developed to meet the following guidelines:

  • The strategy must be comprehensive and encompass all aspects of the data interchange.

  • The standard must be technology-neutral to allow any organization using any technology to implement it.

  • The technology must be scalable to allow an organization to grow and develop.

  • The compliance timeline for HIPAA implementation is short. Once the proposed rules are reviewed and published, institutions will have 24 to 36 months, depending on their size, to implement the standards.



Next Generation Application Integration: From Simple Information to Web Services
ISBN: 0201844567
EAN: 2147483647
Year: 2005
Pages: 220
