The Health Insurance Portability and Accountability
The HIPAA regulations apply to all healthcare organizations that maintain or transmit health information electronically. This includes all healthcare providers, from integrated delivery systems to private physician practices, healthcare clearinghouses and health plans, collectively referred to as covered entities. Compliance with the HIPAA regulations is not a one-time event but an ongoing process that requires continued monitoring and updating. Non-compliance can lead to substantial criminal and civil penalties, which range from $100 per violation up to a maximum of $25,000 for a single violation. Penalties can range up to a $250,000 fine and 10 years in prison for wrongful disclosure with intent to sell information. Additionally, credentialing authorities, such as the Joint Commission on the Accreditation of Healthcare Organizations (JCAHO) and the National Commission on Quality Assurance (NCQA), are evaluating means of integrating the HIPAA mandates into their evaluation processes.
It is critical to recognize that HIPAA is not an information technology issue, but a management issue for all covered entities. There are legal, regulatory, process, security and technology aspects to each rule. Therefore, it would be unwise to believe that installing information systems alone would achieve HIPAA compliance. Covered entities must analyze their processes and policies relative to the regulations via a detailed gap analysis. Only after identifying operational strengths and weaknesses can an optimal compliance plan specific to the entity be constructed and implemented.
The Administrative Simplification portion of the HIPAA law presents covered entities with uncertainties and will require activities that are anticipated to equal, or surpass, those of Y2K. Administrative Simplification falls into the following four broad sections:
Three of these categories, EDI Transactions and Code Sets, Unique Identifiers and Privacy, have been approved by the Department of Health and Human Services (DHHS) Secretary and have established compliance