HIPAA FAQ's:

What is HIPAA?
HIPAA, also known as the Kennedy-Kassebaum Act of 1996, stands for the Health Insurance Portability and Accountability Act. It is a multifaceted piece of legislation covering the following three areas:
* Insurance Portability -- Ensures that individuals moving from one health plan to another will have continuity of coverage and will not be denied coverage under pre-existing condition clauses.
* Fraud Enforcement -- Provides increased funding and authority to investigate health organizations/payers for inappropriate billing and other illegal acts.
* Administrative Simplification:
  • 1. standardization of the format for electronic data interchange (EDI);
  • 2. ensuring the privacy of patient information during oral, written and electronic communications; and
  • 3. establishing procedures and safeguards to ensure the security of protected health information.
Who is affected by HIPAA?
Virtually any organization or individual that has access to private customer information is affected by HIPAA. Within the healthcare arena, this includes hospitals, insurance providers, physicians, long-term care facilities, and vendors and business partners.
What are the goals of HIPAA?
HIPAA's goals include:
  • Relieving providers and payers of many of the administrative burdens associated with medical transactions, such as billing and payment of claims
  • Protecting and enhancing consumers' rights of access to their own health information and offering them control over inappropriate use
  • Improving health care quality by restoring trust between patients and their providers
  • Improving efficiency by creating a national framework for privacy protection
What departments at Virtua will be affected by HIPAA? It is likely that all departments, both clinical and non-clinical, will be affected by HIPAA. Who is responsible for carrying out HIPAA? Everyone is responsible for compliance once HIPAA is implemented. The implementation process will require strong involvement by a number of departments and individuals including IS, medical records, patient accounts, compliance/risk management, human resources, medical staff, and marketing. Is there a standard for using and disclosing personal health information? According to HIPAA guidelines, the standard for use and disclosure is "minimum necessary use," which is defined making a reasonable effort to limit the use, disclosure of and request for personal health information to the minimum necessary to accomplish the intended purpose of the use, disclosure or request. Can personal health information ever be used or disclosed without consent of the patient? Use or disclosure without consent is allowed in the following situations: * In an emergency * If required by law * If the individual is an inmate * In an indirect treatment relationship (e.g., radiologist, pathologist) * If inferred from the circumstances When must HIPAA Privacy Regulations be implemented? Virtua will implement HIPAA by January 2003. What are the penalties for non-compliance with the HIPAA Privacy Regulations? The penalties for non-compliance of this legislation are severe. On the civil side, the fine for violating each standard of HIPAA is up to $25,000 per person, per year. Criminal penalties are as follows: * Knowing disclosure: up to $50,000 fine; up to 1 year imprisonment * False pretenses: up to $100,000 fine; up to 5 years imprisonment * Intent to sell: up to $250,000 fine; up to 10 years imprisonment.

HIPAA GLOSSARY:

  • Administrative code Sets: Characterize a general business situation, rather than a medical condition or service. Sometimes referred to non-clinical or non-medical code sets.
  • Ambulatory Payment Class (APC): a payment type for outpatient PPS claims.
  • Business Associate: any person, agent or contractor who receives protected health information from an organization. It would not include a person who is an employee, a volunteer, medical staff member or other person associated with the organization on a paid or unpaid basis.
  • Covered Entity (CE): A health plan, health care clearinghouse, or health care provider who transmits any health information in electronic form.
  • Covered Functions: those functions of an organization which makes the entity a health plan, health care provider or health care clearinghouse.
  • Data Aggregation: Protected health information received by the business associate of another covered entity to permit data analyses.
  • Designed Record Set: Records maintained by or for a covered entity, such as medical records and insurance information.
  • Direct Treatment Relationship: a treatment relationship between an individual and a health care provider.
  • Disclosure: release or divulgence of information to outside persons or organizations.
  • Disclosure History: list of any entities who have received personally identifiable healthcare information for uses unrelated to treatment and payment.
  • Electronic Data: data that is recorded or transmitted electronically, including fax and audio systems.
  • Electronic Media: transmission via the Internet, leased lines, dial-up lines, private networks, and those transmissions that a physically moved from one location to another using magnetic tape, disk, or compact disk media.
  • Encoded Data: data represented by some identification or classification scheme, such as a provider identifier or a procedure code.
  • Group Health Plan: an employee health plan that provides for medical care and that either has 50 or more participants or is administered by another business.
  • Health and Human Services (HHS): Federal government department that has overall responsibility for implementing HIPAA.
  • Health Care Clearinghouse: processes or facilitates information received from another entity in a nonstandard format.
  • Health Care Operations: any of the following activities of an organized health care arrangement in which the covered entity participates:
    • 1. Conducting quality assessment and improvement activities, relating to improving health or reducing health care costs.
    • 2. Reviewing qualifications of health care professionals.
    • 3. Underwriting premium rating, and other activities relating to the insurance of health benefits.
    • 4. Conducting or arranging for medical review, legal services and auditing functions.
    • 5. Business planning and development relating to managing and operating the entity.
  • Healthcare Provider: any person or organization that furnishes, bills, or is paid for, healthcare services or supplies in the normal course of business. This definition would include a researcher who provides healthcare to the subjects of research, free clinics, and a health clinic or licensed healthcare professional located at a school or business.
  • Health Information: any information, whether oral or recorded in any form or medium, that:
    • 1. is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
    • 2. relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual.
  • Health Insurance Issuer: an insurance company, insurance service, or insurance organization (including an HMO) that is licensed to engage in the business of insurance in a State and is subject to State law that regulates insurance, not including a group health plan.
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA): a federal law allowing persons to qualify immediately for comparable health insurance coverage when they change their employment relationships.
  • Health Maintenance Organization (HMO): an organization recognized as an HMO under federal law.
  • Health Plan: an individual or group plan that provides or pays the cost of, medical care.
  • Indirect Treatment Relationship: a relationship between an individual and a health care provider in which the provider delivers health care or services based on orders of another health cared provider
  • Individual: the subject of protected health information.
  • Individually Identifiable Data: data readily associated with a specific individual. Examples would be a name, a personal identifier, or a full street address.
  • Individually Identifiable Health Information: information that is a subset of health information, including demographic information created or received by a health care provider, health plan, employer, or health care clearinghouse. Also relates to past, present or future physical or mental health condition of an individual.
  • Marketing: communicate a product or service to encourage recipients of the communication to purchase or use the product or service.
  • Payer: an entity that assumes the risk of paying for medical treatments.
  • Payment: activities undertaken by a health plan to determine its responsibilities for coverage under the health plan policy or contract.
  • Protected Health Information: individually identifiable health information that is transmitted by or maintained in any electronic media.
  • Psychotherapy Notes: records in any medium obtained by a mental health professional.
  • Public Health Authority: an agency or authority of the United States, or a person or entity acting under a grant of authority responsible for public health matters as part of its official mandate.
  • Required by Law: law that compels a covered entity to make a use or disclosure of protected health information and is enforceable in a court of law.
  • Research: a systematic investigation designed to develop or contribute to generalizable knowledge.
  • Third Party Administrator (TPA): an entity that processes health care claims and performs related business functions for a health plan.
  • Trading Partner Agreement: an agreement related to the exchange of information in electronic transactions, whether the agreement is distinct or part of a larger agreement, between each party.
  • Transaction: the transmission of information between two parties to carry out financial or administrative activities related to health care.
  • Treatment: the provision, coordination, or management of health care and related services by one or more health care providers.
  • Workforce: employees, volunteers, trainees and other persons who work for a covered entity.