The Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), also known as HIPAA, was enacted as a Congressional attempt to reform healthcare. The purpose of the Act is to:
Improve portability and continuity of health insurance coverage in the group and individual markets;
To combat waste, fraud, and abuse in health insurance and health care delivery;
To promote the use of medical savings accounts;
To improve access to long-term care services and coverage;
To simplify the administration of health insurance; and
Other purposes.
Title I of the HIPAA law deals with health care access, portability, and renewability with the intention of protecting health insurance coverage for workers and their families when they change or lose their jobs. Title II of the law, also known as "Administrative Simplification", deals with preventing health care fraud and abuse.
The "Administrative Simplification" aspect of that law requires the United States Department of Health and Human Services (HHS) to develop standards and requirements for maintenance and transmission of health information that identifies individual patients. These standards are usually referred to as "HIPAA Regulations".
These regulations are designed to:
Improve the efficiency and effectiveness of the healthcare system by standardizing the interchange of electronic data for specified administrative and financial transactions; and
Protect the security and confidentiality of electronic health information.
The requirements outlined by the law and the regulations promulgated by DHHS are far-reaching. Health care organizations that maintain or transmit electronic health information must comply. This includes health plans, health care clearinghouses, and healthcare providers who submit claims electronically. After each final regulation is adopted, small health plans have 36 months to comply. Others, including healthcare providers, must comply within 24 months.
What are the HIPAA regulations?
The components of Title II, Administrative Simplification, of the HIPAA law are called "regulations" (often referred to as "rules" or "standards") and must be implemented to comply with the law. These regulations are as follows:
Electronic Transactions (Includes Standard Code Sets)
Claims Attachments
Unique Health Identifiers
National Provider Identifier
National Employer Identifier
National Health Plan Identifier
National Individual Identifier
Privacy
Security
Enforcement
How are Rules (Regulations) Made?
The US Department of Health & Human Services proposes the rules. Once a rule is approved from within the government, the public is given the opportunity to comment on the proposal, and those comments are analyzed and considered in the development of the final rules. The final rules will have the force of Federal law. Read more about how rules are made.
What part of HIPAA is DHHS focusing on?
The NC DHHS HIPAA Initiative focuses on Title II - the "Administrative Simplification" portion of the law.
What are the penalties for not complying?
It is not yet completely understood how these penalties will be applied. More information will become available when the complete Enforcement Regulation is published. However, the general penalty for failure to comply is:
Each violation: $100
Maximum penalty for all violations of an identical requirement: may not exceed $25,000
Wrongful Disclosure of Individually Identifiable Health Information:
Wrongful disclosure offense: $50,000, imprisonment of not more than one year or both
Offense under false pretenses: $100,000, imprisonment of not more than 5 years, or both
Offense with intent to sell information: $250,000, imprisonment of not more than 10 years, or both
0 komentarze:
Post a Comment