In response to the HIPAA mandate, HHS published a final regulation in the form of the Privacy Rule in December 2000, which became effective on April 14, 2001. This Rule set national standards for the protection of health information, as applied to the three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct certain health care transactions electronically. As such, Stony Brook University Medical Center must implement standards to protect and guard against the misuse of individually identifiable health information.
The Privacy Rule establishes, for the first time, a foundation of Federal protections for the privacy of protected health information. The Rule does not replace Federal, State, or other law that grants individuals even greater privacy protections, and covered entities are free to retain or adopt more protective policies or practices.
Q: What does the HIPAA Privacy Rule do?
Source: Office for Civil Rights Guidance. December 3, 2002
Complete Regulation Text for Privacy Rule (Parts 160 and 164), as modified (05/31/02, 08/14/02) published by the Office for Civil Rights (OCR): http://www.hhs.gov/ocr/privacy
Private health plans, health care providers, and health care clearinghouses must assure their customers (such as patients, insured, providers, and health care plans) that the confidentiality and privacy of health care information they electronically collect, maintain, use, or transmit is secure. Security of health information is especially important when health information can be directly linked to an individual. Confidentiality is threatened not only by the risk of improper access to electronically stored information, but also by the risk of interception during electronic transmission of the information.
The Security Rule requires health plans, health care clearinghouses, and health care providers to have security standards in place to comply with the statutory requirement that health care information and individually identifiable health care information be protected to ensure privacy and confidentiality when health information is electronically stored, maintained, or transmitted.
Source: Federal Register: August 12, 1998 (Volume 63, Number 155)
For more information please visit: http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule
Transactions & Code Sets
Congress and the health care industry have agreed that standards for the electronic exchange of administrative and financial health care transactions are needed to improve the efficiency and effectiveness of the health care system. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of Health and Human Services to adopt such standards.
National standards for electronic health care transactions will encourage electronic commerce in the health care industry and ultimately simplify the processes involved. This will result in savings from the reduction in administrative burdens on health care providers and health plans. Today, health care providers and health plans that conduct business electronically must use many different formats for electronic transactions. For example, about 400 different formats exist today for health care claims. With a national standard for electronic claims and other transactions, health care providers will be able to submit the same transaction to any health plan in the United States and the health plan must accept it. Health plans will be able to send standard electronic transactions such as remittance advices and referral authorizations to health care providers. These national standards will make electronic data interchange a viable and preferable alternative to paper processing for providers and health plans alike.
What health care transactions are required to use the standards under this regulation?
As required by HIPAA, the Secretary of Health and Human Services is adopting standards for the following administrative and financial health care transactions:
- Health claims and equivalent encounter information.
- Enrollment and disenrollment in a health plan.
- Eligibility for a health plan.
- Health care payment and remittance advice.
- Health plan premium payments.
- Health claim status.
- Referral certification and authorization.
- Coordination of benefits.
Standards for the first report of injury and claims attachments (also required by HIPAA) will be adopted at a later date.
Source: U.S. Department of Health and Human Services. Transactions and Code Sets Frequently Asked Questions. Sept. 8, 2000.
Copyright © 2012, Stony Brook University Medical Center. All rights reserved