|
Frequently Asked Questions
What is HIPAA?
In 1996 Congress passed the
Health Insurance Portability and Accountability Act, now commonly known as
HIPAA. The major purpose of the act, was administrative simplification,
that is, promoting a more efficient health care system by reducing
administrative requirements and therefore costs. HIPAA required the U.S.
Department of Health and Human Services (DHHS) to adopt separate
regulations covering standardized transactions, privacy of individually
identifiable health information, security of individually identifiable
health information and unique identifiers for individuals, health care
plans, employers and health care providers.
Who is covered under HIPAA?
"Covered entities" as defined
by HIPAA, include health care providers who transmit health care
information in electronic form. There are ten specific covered
transactions listed in the regulation including (1) health care claim or
encounter, (2) health care payment and remittance advice, (3) coordination
of benefits, (4) health care claim status, (5) enrollment and
disenrollment in a health plan, (6) eligibility for a plan, (7) health
plan premium payments, (8) referral certification and authorization, (9)
first report of injury, and (10) health claims attachments. All alcohol
and substance treatment providers are health care providers under HIPAA.
Therefore, any alcohol and substance provider who electronically submits
any one of the ten prescribed health care transactions and/or attachments
are covered entities under HIPAA.
When are HIPAA regulations effective?
Separate regulations covering
each of the major components of HIPAA are being issued sequentially. The
first regulations govern "health care transactions" as described above
were adopted and were originally effective in October of 2002.
Subsequently, legislation was enacted that postponed the effective date
until 10/16/2003. Extensions are NOT automatic however, providers had to submit plans for compliance to the U.S. Department of Health and
Human Services by 10/16/2002. Privacy regulations governing use and
disclosure and protection of individually identifying health identifying
information, have also been adopted and will be effective April 2003.
Security and identifier regulations have been drafted but not yet
finalized.
HIPAA Administrative Simplification Compliance Deadlines
|
Date |
Deadline |
|
October 15, 2002 |
Deadline to submit a compliance extension form
for Electronic Health Care Transactions and Code Sets. |
|
October 16, 2002 |
Electronic Health Care Transactions and Code
Sets - all covered entities except those who filed for an extension
and are not a small health plan. |
|
April 14, 2003 |
Privacy - all covered entities except small
health plans. |
|
April 16, 2003 |
Electronic Health Care Transactions and Code
Sets - all covered entities must have started software and systems
testing. |
|
October 16, 2003 |
Electronic Health Care Transactions and Code
Sets - all covered entities who filed for an extension and small
health plans. |
|
April 14, 2004 |
Privacy - small health plans. |
|
July 30, 2004 |
Employer Identifier Standard - all covered
entities except small health plans. |
|
August 1, 2005 |
Employer Identifier Standard - small health
plans. |
What is the impact of HIPAA?
For health care providers who
conduct any one of the above-mentioned health care transactions
electronically, the transaction regulations mandate use of a standardized
format. The format will be required by all public (Medicaid and Medicare)
and private insurers including managed care plans. In additions, the
transaction regulations mandate use of prescribed clinical coding systems,
e.g., diagnostic and procedure codes. All software systems involving
"covered" transactions will need to be HIPAA compliant.
Privacy regulations contain a
number of requirements including development/adoption of policies and
procedures, patient privacy notices and consent and authorization forms.
Providers are also required to designate a Privacy Officer to be
responsible for monitoring on-going compliance. It is important to note
that once an entity is covered under HIPAA, all personal health
information including paper and oral transmissions, is subject to Privacy
requirements.
|
HIPAA Resources
To save the file to your computer, right
click on the hyperlink and click on "save target as..."
Resources Available to ASAP Members
The following resources are available to ASAP
members and staff of agency members. Contact ASAP and identify what
material(s) you want we and will them to email you. Send your email
request to asap@asapnys.org
or asap@asapnys or call our office.
| Legal
Action Center Presentation on Privacy |
Bob
Lebman - Initial presentation on what programs need to do to get ready |
|
John Coppola - Initial Presentation on Security |
Bob
Lebman - NYC presentation on what programs need to do to get ready
(revised) |
|
John Coppola - Revised Presentation on Security |
Paula
Cattat - HIPAA Presentation at the ASAP Annual Conference |
|
John Coppola - Presentation on New Security Standards |
Chart
on Required and Addressable Security Standards |
Resources for All
-
Confidentiality of Alcohol and Drug Abuse Patient Records Regulation and
the HIPAA Privacy Rule: Implications for Alcohol and Substance Abuse
Programs (Adobe Acrobat document) - HIPAA educational document
that compares the Confidentiality of Alcohol and Drug Abuse Patient
Records regulation (42 CFR Part 2) with the HIPAA Privacy Rule (45 CFR
Parts 160 and 164). This document has been cleared by the U.S. Department
of Health and Human Services.
-
Covered
Entity Charts (word document) -
To determine if a natural person, business,
or government agency is a covered entity, go to the chart(s) that apply to
the person, business, or agency, and answer the questions, starting at the
upper left-hand side of the chart(s). This is also available at
http://cms.hhs.gov/hipaa/hipaa2/support/tools/decisionsupport/
-
HIPAA
Compliance:
Implementation Summary: 25-Point Action Overview-
Health Privacy Summary (Adobe
Acrobat document) - This summary
provides a broad overview of the major provisions of the regulation. It
does not, however, follow the organization of the regulation itself.
Rather, it is organized by topics of interest. In order to help users find
particular provisions in the regulation itself, citations for particular
provisions are included. The Health Privacy Project has posted an
unofficial text of the regulation as of August 14, 2002, on its Web site,
at
http://www.healthprivacy.org.
At some point, an official version of the regulation will be published
in Volume 45, Parts 160 and 164 of the Code of
Federal Regulations (CFR).
-
HHS Press
Release
- Administrative Simplification Under HIPAA: National Standards for
Transactions, Security and Privacy (October 15, 2002)-
HIPAA
Self-Assessment (word document) -
A self assessment tool that will
give programs an idea of their compliance level. Users of this form should
be aware that the results of self-assessment may be off as much as 30% and
should only use it as a guide. From “HIPAA SELF-ASSESSMENT AND PLANNING: A
Guide to the Privacy and Security Standards,” Christopher E. Coleman,
M.P.H., Andrew H. Joseph, J.D., Strategic Management Systems, Inc., Opus
Communications, Inc., a subsidiary of HCPro Corp., Copyright 2000. This
form is shared with the permission of its authors.
-
Maryland Health Care Commission HIPAA
Security Guidelines - also available at
http://www.mhcc.state.mc.us
-
NYS Central HIPAA Coordination
Project HIPAA Applicability Evaluation: developed by the Office
for Technology to guide NY state agencies in determining covered entity
status including hybrid status. -
Security Standards - The final Rule adopting HIPAA standards for
the security of electronic health information will be published in the
Federal Register on February 20, 2003. This final rule specifies a series
of administrative, technical, and physical security procedures for covered
entities to use to assure the confidentiality of electronic protected
health information. The standards are delineated into either required or
addressable implementation specifications.
Click here to view the Final Rule (PDF 914K).
-
Standards for Privacy of Individually
Identifiable Health Information; Federal Register Final Rule. Final changes to HHS'
health privacy regulations to ensure strong privacy protections while
correcting unintended consequences that threatened patients' access to
quality health care. Federal Register.
-
Standards For Privacy Of Individually
Identifiable Health Information. Additional guidance on the
HIPAA Privacy Rule developed by HHS's Office for Civil Rights and can also
be found at:
www.hhs.gov/ocr/hipaa/privacy.html.
-
Summary of HIPAA Privacy Rule
- Prepared by Health Privacy Project, Institute for Health Care
Research and Policy, Georgetown University. Also available at
http://www.healthprivacy.org/
|
|
Helpful Websites
Administrative Simplification under HIPAA: National Standards for
Transactions, Security and Privacy
http://www.hhs.gov/news/press/2002pres/hipaa.html
CDC National Center for Health
Statistics, Web-Based Resource Center
http://www.cdc.gov/nchs/otheract/phdsc/wbasedwg_sites.htm#HIPAA%20Implementation
Frequently Asked Questions About Code
Set Standards Adopted Under HIPAA
http://aspe.hhs.gov/admnsimp/faqcode.htm
Frequently Asked Questions About Electronic Transaction Standards Adopted
Under HIPAA
http://aspe.hhs.gov/admnsimp/faqtx.htm
Frequently Asked Questions About Security and Electronic Signature Standards
http://aspe.os.dhhs.gov/admnsimp/faqsec.htm
Health and Human Services - Office of Human Rights - HIPAA
http://www.hhs.gov/ocr/hipaa/whatsnew.html
 HCFA
sponsored listserve
http://aspe.hhs.gov/admnsimp/lsnotify.htm
Health Privacy Project
http://www.healthprivacy.org/
HIPAA
Administrative Simplification Compliance Act (ASCA)
Frequently
Asked Questions:
http://www.hipaadvisory.com/action/faqs/FAQ_ASCA.htm
HIPAA Centers for Medicare & Medicaid Services
Administrative
Simplification
http://www.cms.gov/hipaa/hipaa2/default.asp
CMS Forms
http://www.cms.hhs.gov/forms/
Covered Entity Decision
Tools
http://cms.hhs.gov/hipaa/hipaa2/support/tools/decisionsupport/
HIPAA Online http://cms.hhs.gov/hipaa/online
Insurance Reform
http://cms.hhs.gov/hipaa/hipaa1
One Year Extension
http://www.cms.gov/hipaa/hipaa2/ascaform.asp
NASADAD HIPAA Information Pages
Help Center http://www.nasadad.org/Departments/Research/HIPAAHelp/HIPAAHelp.htm
New
York State Office of Alcoholism and Substance Abuse
http://www.oasas.state.ny.us/hps/Hipaa/hipaa_home.htm
PUBLIC LAW 104-191 AUG. 21, 1996 HEALTH INSURANCE PORTABILITY AND
ACCOUNTABILITY ACT OF 1996
http://aspe.hhs.gov/admnsimp/pl104191.htm
Standards for Privacy of Individually Identifiable Health Information
http://aspe.hhs.gov/admnsimp/final/pvcguide1.htm
Strategic
National Implementation Plan, Workgroup for Electronic Data Interchange:
http://snip.wedi.org/
|
