Understanding Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act, which was signed into law in 1996, is a federal law which created national standards for protecting sensitive patient health information from disclosure without a patient’s consent or knowledge.
Let’s dive into the different parts of the act and how they affect you and your business.
The Health Insurance Portability and Accountability Act Privacy Rule establishes requirements for healthcare providers regarding who can access a patient’s information. It applies to health care plans, agencies, and any healthcare provider that transmits patient information electronically; medical plans that provide or pay the cost of medical care also fall under HIPAA. This includes dental, health, vision, and prescription drug insurers, health maintenance organizations (HMOs), Medicare, and Medicaid.
What is protected under HIPAA’s Privacy rule?
- An individual’s physical and mental health history.
- Treatments an individual has access to.
- The payment information of the individual.
The next rule deals with the security of electronic transmission of someone’s protected medical data.
The Security Rule is administered by the Centers for Medicare and Medicaid Services (CMS), and lays out a series of physical, technical, and administrative safety measures guaranteeing the integrity, availability, and confidentiality of electronic healthcare information.
To be in compliance with the Health Insurance Portability and Accountability Act Security Rule, your organization must:
- Maintain the infrastructure to ensure the confidentiality and integrity of all electronic health information.
- Actively safeguard against current and potential threats to the information’s security.
- Protect against impermissible, current or anticipated, use or disclosure.
- Provide certified compliance by the organization’s workforce.
Both the Privacy and Security Rules are enforced by the Office for Civil Rights, and any formal complaints regarding infractions must be reported to that office.
Electronic Transaction & Code Set Standards
The HIPAA transactions and code set standards standardize the electronic exchange of a patient’s identifiable health-related information. They are based on electronic data interchange (EDI) standards, which allow information to be exchanged from computer to computer with no human involvement.
This affects your organization because all payers, health care plans, clearinghouses, and insurance plans must convert to these standards in order to be in compliance with the Health Insurance Portability and Accountability Act.
Health care providers are mandated to use unique Health Plan Identifiers (HPID). These numbers are assigned to specific medical transactions to increase the efficiency, utility, and clarity of medical transactions. For example, the code for a testosterone level test is the same, regardless of what provider a patient chooses to use. This standardization eliminates the pitfalls of deciphering what care, test, or drug is provided as well as billing the services that have been provided.
These requirements are administered by the Centers for Medicare and Medicaid Services.
Penalties for General Violations of HIPAA and Wrongful Disclosure of Individually Identifiable Health Information
- A $100 penalty will be assessed per violation but no more than $25,000 in one year for all identical violations.
- A $50,000 penalty can be applied for wrongful disclosure, along with imprisonment for no more than one year, or both.
- A $100,000 penalty, imprisonment for not more than five years, or both can be assessed for wrongful disclosure made under false pretenses.
- A $250,000 penalty, imprisonment of no more than 10 years, or both, for wrongful disclosure made with the intent to sell protected information.
For more information about the Health Insurance Portability and Accountability Act or our role in your data security, contact us or call us today at 623-312-2440. We can clarify the specifics of HIPAA compliance and present secure data transfer solutions for your medical practice.