HIPAA
ADMINISTRATION SIMPLIFICATIONby A. Maureen Hanna
HIPAA
ADMINISTRATION SIMPLIFICATION
by A. Maureen Hanna
On August 21, 1996, President Clinton signed into law the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (HIPAA). One part of this law, labeled Administrative Simplification, is intended to reduce the costs and administrative burdens of health care by making possible the standardized, electronic transmission of certain administrative and financial transactions which are currently carried out manually on paper. Electronic transmissions would include transactions using all media, even when the information is physically moved from one location to another using magnetic-tape, floppy disk, compact disc, transmission over internet, extranet, telephone voice response systems, and faxback of requested information.
To accomplish this goal, the law requires
the Secretary of Health and Human Services (HHS) to:
1. Adopt national standards for these transactions for all
health plans.
2. Require that the standards be followed any time the transactions
are conducted electronically.
The law does not require the collection or electronic transmission
of any health information.
The certain uniform transactions and
data elements include:
1. Health care claims or equivalent encounter information,
2. Health claims attachments,
3. Enrollment and disenrollment in a health plan,
4. Eligibility for a health plan,
5. Health care payment and remittance advice,
6. Health plan premium payments,
7. First report of injury,
8. Health claim status,
9. Referral certification and authorization, and
10. Coordination of benefits.
The provision also requires national
standards for:
1. Codes sets for each data element for each health care transaction
listed above.
2. Standards identifiers for providers, health plans, employers
and individuals.
3. Security and privacy standards to safeguard health information
during transmission and while stored in health information systems.
4. Ensuring the integrity of the information.
5. Protecting against unauthorized uses and disclosures.
The health care industry estimates that full implementation of the provisions could save up to $9 billion per year from administrative overhead. To make the savings a reality, the law requires the Secretary of HHS to adopt uniform national standards for the electronic processing of insurance claims and related transactions within 18 months of the law's enactment (by February 1998). Health plans, providers, and insurers would then have 24 months (after the effective date of the final rule) to implement the standards. Small plans (as defined by the Secretary as those with fewer than 50 participants) will have 36 months to implement the same standards. The actual implementation schedule is likely to take longer for some of the more difficult and controversial elements.
HHS has established six interdepartmental
working groups to identify and assess potential standards for
adoption in the following areas:
1. Health insurance claims and encounters.
2. Health insurance enrollment and eligibility.
3. Health identifiers for providers, health plans, employers and
individuals.
4. Code sets and classification systems.
5. Security standards and safeguards.
6. Information infrastructure and crosscutting issues.
To ensure protection of privacy, the law provides for confidentiality protections for information processed in accordance with the new standards. It also requires the Secretary to make recommendations for health record privacy legislation to Congress. If Congress does not enact such legislation, health care providers, health plans, and health care clearinghouses using the new standards will be required to follow confidentiality regulations promulgated by HHS for transactions covered by the electronic transmission standards.
The law specifies steep penalties for misuse of a health identifier and for wrongfully obtaining or disclosing individual identifiable health information. The penalties, which increase by type of offense, can be as much as $250,000 and 10 years in prison. More serious offenses are defined as those committed under false pretenses or those committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm.
 |
 |
 |
 |
 |
 |
 |
 |