OVERVIEW

HIPAA is the acronym for The Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), formerly the Kennedy-Kassenbaum Bill. Signed into law by President Clinton, this legislation was designed to incrementally reform healthcare in the United States. HIPAA is best known as the law that provides individuals and their families continued health insurance coverage after leaving, or losing, a job. However, HIPAA has evolved into a wide-reaching mandate geared toward assuring the privacy and security of individually identifiable healthcare information and standardizing electronic healthcare transactions. The primary objective of HIPAA is the overall reduction of healthcare expenditures.

The HIPAA regulations apply to all healthcare organizations that maintain or transmit health information electronically. This includes all healthcare providers, from integrated delivery systems to private physician practices, healthcare clearinghouses and health plans, collectively referred to as covered entities. Compliance with the HIPAA regulations is not a one-time event but an on-going process that requires continued monitoring and updating. Non-compliance can lead to substantial criminal and civil penalties, which range from $100 per violation up to a maximum of $25,000 for a single violation. Fines can range up to $250,000 and 10 years in prison for wrongful disclosure with intent to sell information. Additionally, credentialing authorities, such as the Joint Commission on the Accreditation of Healthcare Organizations (JCAHO) and the National Commission on Quality Assurance (NCQA), are evaluating means of integrating the HIPAA mandates into their evaluation processes.

It is critical to recognize that HIPAA is not an information technology issue, but a management issue for all covered entities. There are legal, regulatory, process, security and technology aspects to each rule. Therefore, it would be unwise to believe the installation of information systems, singularly, would achieve HIPAA compliance. Covered entities must analyze their processes and policies relative to the regulations via a detailed gap analysis. Only after identifying operational strengths and weaknesses can an optimal compliance plan specific to the entity be constructed and implemented.

The Administrative Simplification portion of the HIPAA law presents covered entities with uncertainties and will require activities that are anticipated to equal, or surpass, those of Y2K. Administrative Simplification falls into the following four broad sections:

• Electronic Data Information (EDI) Transactions and Code Set Standards
• Unique Identifiers
• Privacy Standards
• Security Standards

Three of these categories, EDI Transactions and Code Sets, Unique Identifiers and Privacy, have been approved by the Department of Health and Human Services (DHHS) Secretary and have established compliance dates.

Further information

To discuss your particular requirements, or for further information on Equivus products and services, please feel welcome to call us on 866.378.4887. Alternatively please email info@Equivus.com.

© 2000 EQUIVUS, Inc. All Rights Reserved Powered by Equivus Hosting Services

Home | About Equivus | Products & Services | News | Careers | Support | Contact | Search | Site Map