Health Insurance Portability and Accountability Act (HIPAA)

Five Rules under HIPAA Title II

1. Transactions and Code Sets Rule 2. Privacy Rule 3. Security Rule 4. Unique Identifiers Rule 5. Enforcement Rule

When was HIPAA enacted?

1996

What is HIPAA?

A federal law that applies directly to providers, health plans, and clearinghouses (of confidential health information); composed of 5 titles

Transactions and Code Set Rule

After several extensions, the department of human health services is not allowed to pay Medicare claims that were not submitted electronically after July 1, 2005 unless a waiver was granted by the Secretary; AKA EDI rule; Implemented so that organizations aren't submitting claims in different formats

Who enforces the EDI Rule?

Centers for Medicare and Medicaid Services (CMS)

CPT

Current Procedural Terminology codes for medical procedures and services

HIPAA Health Insurance Reform Title I

Designed to improve access to health insurance ("portability"); limits exclusions by pre-existing conditions and helps assure portability of health insurance when changing employment

HIPAA

Health Insurance Portability and Accountability Act of 1996

Covered Entities of HIPAA

Health plans and insurers, Healthcare clearinghouses, Healthcare providers, Business associates of covered entities

HIPAA Administrative Simplification Title II

Helps protect the privacy of patients through an aggressive, consumer oriented set of regulations; sets standards for the electronic exchange, privacy, and security of health information; helps minimize health fraud and abuse by enforcing a well-defined set of standards for the electronic transactions of medical/health information

Security Rule

Identifies specific administrative procedures, physical safeguards and technical security services that are required to maintain the integrity, confidentiality, and availability of PHI; applies only to electronic data

ICD

International Classification of Diseases

NDC

National Drug Code for medications

Who enforces the privacy rule?

Office of Civil Right (OCR), and the U.S. Department of Health and Human Services (DHHS)

PHI

Protected health information; individually identifiable health information; any information in any form that is created by a health care provider, health plan, public health authority, employer, school, university, or health care clearinghouse and relates to past, present, or future physical or mental health or condition of an individual

Privacy Rule

Regulates who has access to individually identifiable health information (PHI); establishes a national minimum standard of privacy

Who enforces the security rule?

The Center for Medicare and Medicaid Services (CMS) and the Office of Civil Rights (OCR)

The Transcations and Code Set Rule Standardizes:

Transaction formats, Clinical code sets (ICD, CPT, NDC), Identifiers for parties engaged in the transactions including providers, employers, health plans, and patients (National Provider Identifier, NPI)

When can PHI be shared?

When it is necessary to provide care or when the patient allows it