Health Insurance Portability and Accountability Act (HIPAA)
Five Rules under HIPAA Title II
1. Transactions and Code Sets Rule 2. Privacy Rule 3. Security Rule 4. Unique Identifiers Rule 5. Enforcement Rule
When was HIPAA enacted?
1996
What is HIPAA?
A federal law that applies directly to providers, health plans, and clearinghouses (of confidential health information); composed of 5 titles
Transactions and Code Set Rule
After several extensions, the department of human health services is not allowed to pay Medicare claims that were not submitted electronically after July 1, 2005 unless a waiver was granted by the Secretary; AKA EDI rule; Implemented so that organizations aren't submitting claims in different formats
Who enforces the EDI Rule?
Centers for Medicare and Medicaid Services (CMS)
CPT
Current Procedural Terminology codes for medical procedures and services
HIPAA Health Insurance Reform Title I
Designed to improve access to health insurance ("portability"); limits exclusions by pre-existing conditions and helps assure portability of health insurance when changing employment
HIPAA
Health Insurance Portability and Accountability Act of 1996
Covered Entities of HIPAA
Health plans and insurers, Healthcare clearinghouses, Healthcare providers, Business associates of covered entities
HIPAA Administrative Simplification Title II
Helps protect the privacy of patients through an aggressive, consumer oriented set of regulations; sets standards for the electronic exchange, privacy, and security of health information; helps minimize health fraud and abuse by enforcing a well-defined set of standards for the electronic transactions of medical/health information
Security Rule
Identifies specific administrative procedures, physical safeguards and technical security services that are required to maintain the integrity, confidentiality, and availability of PHI; applies only to electronic data
ICD
International Classification of Diseases
NDC
National Drug Code for medications
Who enforces the privacy rule?
Office of Civil Right (OCR), and the U.S. Department of Health and Human Services (DHHS)
PHI
Protected health information; individually identifiable health information; any information in any form that is created by a health care provider, health plan, public health authority, employer, school, university, or health care clearinghouse and relates to past, present, or future physical or mental health or condition of an individual
Privacy Rule
Regulates who has access to individually identifiable health information (PHI); establishes a national minimum standard of privacy
Who enforces the security rule?
The Center for Medicare and Medicaid Services (CMS) and the Office of Civil Rights (OCR)
The Transcations and Code Set Rule Standardizes:
Transaction formats, Clinical code sets (ICD, CPT, NDC), Identifiers for parties engaged in the transactions including providers, employers, health plans, and patients (National Provider Identifier, NPI)
When can PHI be shared?
When it is necessary to provide care or when the patient allows it