|
News Updated Date : |
|
November 23rd, 2009 12:27pm |
|
|
What is HIPAA?
The Health Insurance Portability and
Accountability Act of 1996 (Public Law 104-191), also known as
HIPAA, was enacted as a Congressional attempt to reform healthcare.
The purpose of the Act is to:
- Improve portability and continuity of health insurance coverage
in the group and individual markets;
- To combat waste, fraud, and abuse in health
insurance and health care delivery;
- To promote the use of medical savings accounts;
- To improve access to long-term care services and coverage;
- To simplify the administration of health insurance; and
- Other purposes.
Title I of the HIPAA law deals with health care
access, portability, and renewability with the intention of
protecting health insurance coverage for workers and their families
when they change or lose their jobs. Title II of the law, also
known as "Administrative Simplification", deals with preventing
health care fraud and abuse.
The "Administrative Simplification" aspect of that law
requires the United States Department of Health and Human Services
(HHS) to develop standards and requirements for maintenance and
transmission of health information that identifies individual
patients. These standards are usually referred to as "HIPAA
Regulations".
These regulations are designed to:
- Improve the efficiency and effectiveness of the healthcare
system by standardizing the interchange of electronic data for
specified administrative and financial transactions; and
- Protect the security and confidentiality of electronic health
information.
The requirements outlined by the law and the regulations
promulgated by DHHS are far-reaching. Health care organizations
that maintain or transmit electronic health information must
comply. This includes health plans, health care clearinghouses, and
healthcare providers who submit claims electronically. After each
final regulation is adopted, small health plans have 36 months to
comply. Others, including healthcare providers, must comply within
24 months.
What are the HIPAA
regulations?
The components of Title II, Administrative Simplification, of
the HIPAA law are called "regulations" (often referred to as
"rules" or "standards") and must be implemented to comply with the
law. These regulations are as follows:
- Electronic Transactions (Includes Standard Code Sets)
- Claims Attachments
- Unique Health Identifiers
- National Provider Identifier
- National Employer Identifier
- National Health Plan Identifier
- National Individual Identifier
- Privacy
- Security
- Enforcement
How are Rules (Regulations) Made?
The US Department of Health & Human Services proposes the
rules. Once a rule is approved from within the government, the
public is given the opportunity to comment on the proposal, and
those comments are analyzed and considered in the development of
the final rules. The final rules will have the force of Federal
law. Read more about how rules are made.
What part of HIPAA is DHHS focusing
on?
The NC DHHS HIPAA Initiative focuses on Title II - the
"Administrative Simplification" portion of the law.
What are the penalties for not
complying?
It is not yet completely understood how these penalties will
be applied. More information will become available when the
complete Enforcement Regulation is published. However, the general
penalty for failure to comply is:
- Each violation: $100
- Maximum penalty for all violations of an identical requirement:
may not exceed $25,000
Wrongful Disclosure of Individually
Identifiable Health
Information:
- Wrongful disclosure offense: $50,000, imprisonment of not more
than one year or both
- Offense under false pretenses: $100,000, imprisonment of not
more than 5 years, or both
Offense with intent to sell information:
$250,000, imprisonment of not more than 10 years, or
both
|
|
