Saturday, September 15, 2012

E-business for the healthcare industry: the Health Insurance Portability and Accountability Act (HIPAA) addresses transaction efficiency, and the security and privacy of data--needs that aren't only applicable to healthcare. (Standards Watch). - e-Business Advisor

THE HEALTH INSURANCE PORTABILITY and Accountability Act (HIPAA) is about information efficiency, privacy, and security in the U.S. healthcare industry. The issues that relate to HIPAA deal with transaction efficiency, as well as the security and privacy of patient and medical records and information. HIPAA's goal is to bring about national standards for consistent data formats for healthcare transactions. Another key benefit is the potential for substantial reduction in paper-handling costs for healthcare claims--from $6 to $8 per claim to less than $1.

This article focuses on the Administrative Simplification (AS) portions of HIPAA Title II.

Electronic transactions

The HIPAA 'Standard for Electronic Transactions,' also referred to as the 'Transaction and Code Sets,' facilitates standardized information exchange between providers and payers. The fields within these transactions must be completed with entries from specified code sets. In addition to code sets, the transactions must contain identifiers, such as a Provider Identifier.

HIPAA privacy requirement

HIPAA privacy requirements outline specific rights for individuals regarding protected health information and obligations of healthcare providers, health plans, and health care clearinghouses. In general, the patient must authorize any disclosure of protected health information, unless specifically permitted by the regulation.

Any patient-identifiable information is now Protected Health Information (PHI), regardless of the media form it is in. PHI is protected under HIPAA whether the data is at rest or in transit. 'At rest' refers to data that is accessed, stored, processed, or maintained. 'In transit' refers to data that is transmitted in any form.

Although the HIPAA privacy regulations went into effect on April 14, 2001, you aren't required to comply with any regulation until 24 months (or 36 months for small health plans) after that date. This isn't leeway to procrastinate though. Providers and other covered entities will need the remaining time to bring their policies, procedures, and processes into compliance and obtain patient consents.

Security requirements

At a minimum, all health plans, clearinghouses, and healthcare providers that transmit or maintain electronic health information must conduct a risk assessment and develop a security plan to protect this information. They must also document these measures, keep them current, and train employees on appropriate security procedures.

Getting started with HIPAA

HIPAA is about e-business initiatives inside organizations. This will not only provide more timely availability of information, enabling faster decision-making, but it will also enable substantial cost savings and increased opportunities for revenue. HIPAA is a challenge from both the technology and business process perspectives.

Take advantage of the guidelines laid out by HIPAA, and use them to accelerate the pace of development of e-business applications and a secure, trusted infrastructure. Again, rather than just another government regulation with which to comply, HIPAA represents an enormous, unprecedented opportunity that will result in new efficiencies and enhanced profitability for the healthcare industry.

ADVISOR REALITY CHECK

Far more than just another government regulation, HIPAA is a standard for defining how the healthcare industry will securely handle patient data. HIPAA provisions will result in e-business initiatives that will substantially reduce the costs of processing medical claims and transactions.

Uday O. Ali Pabrai, CEO of ecfirst.com, is an accomplished expert in the areas of HIPAA, PKI, biometrics and enterprise security. A highly sought-after speaker, Ali has delivered keynote and other sessions at numerous conferences worldwide including COMDEX, COMNET, Internet World and DCI's Internet Expo. Ali created the industry-leading CIW program and is the co-creator of the highly successful Security Certified Program (SecurityCertified.Net). At ecfirst.com, Ali developed E-Accelerator, a HIPAA security-related implementation methodology. pabrai@ecfirst.com.