Effect of Titles and Subtitles of HIPAA

Effect of Titles and Subtitles of HIPAA on the IT Organization Diana Kreps Information Systems Risk Management in Health Care/HCIS420 April 30, 2012 Lee Edwards

Effect of Titles and Subtitles of HIPAA

Effect of Titles and Subtitles of HIPAA on the IT Organization The Health Information Portability and Accountability Act (HIPAA) was developed in order to address discriminatory practices in the provision and retention of group health insurance coverage, and to establish standards for the identification, security and sharing of medical records and other private patient information. HIPAA was passed on August 21, 1996, although the final version of the rules did not go into effect until April 14, 2001. A two year grace period was given to allow covered entities to bring their practices into compliance with these new regulations. Thus, HIPAA-compliant practices were universally adopted throughout the United States on April 14, 2003 ("Privacy Legislation and Regulations", 2010). HIPAA contains two primary titles. Title I, Health Care Access, Portability and Renewability, prevents discrimination in enrollment and disparity in health care premiums charged to employees and their families based upon health factors or preexisting conditions. Persons employed at an entity which provides group medical coverage must be granted benefits equal to those of similarly situated individuals within the group plan, regardless of medical status or preexisting conditions. These benefits must be provided at the same costs. Furthermore, individuals with creditable coverage who change employers may only have benefits for preexisting conditions excluded for a maximum period of 12 months under most circumstances. Assuming there has been a break in coverage of 62 days or fewer, an individual may receive credit for time he or she had continuous coverage against the 12 month exclusion period. Title II, Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform, gave rise to the bulk of the rules which affect the day-to-day operations of health care providers and patients. Title II was designed to respond to the increasing use of electronic resources to acquire and transmit confidential patient data. It has

Effect of Titles and Subtitles of HIPAA

two primary areas of regulation. The first area specifically addresses the standardization of patient data for electronic transactions. Under Title II, universal transaction codes are assigned for basic administrative activities such as submitting and checking the status of claims and facilitating premium payments. This coding system is intended to reduce ambiguity and confusion between the various entities involved in health care administration and to facilitate the convenient exchange of electronic data. Title II also contains security rules which provide standards for the administrative, physical, and technical safeguards relating to electronic systems and the security of personal health information. One may argue that the Privacy Rule, which also emerged from Title II, has had the greatest impact upon the operations of employers and heath care providers. The Privacy Rule provides a national standard for the protection, use and disbursement of protected health information (PHI). The Privacy Rule operates in several ways. Individuals benefit through increased control over their PHI. Under HIPAA, health care entities must disclose to patients how their protected information may and may not be used. Patients must also sign authorizations to allow protected information to be released. Patients have the right to obtain copies of their health information and records and may not be coerced or interfered with while exercising their HIPAA-protected rights. Finally, the Privacy Rule allows individuals to file complaints if they feel their PHI has been improperly used or insufficiently protected. The Privacy Rule also places restrictions on the flow of information between covered entities at all levels of health care. Although entities may freely communicate information which relates directly to the treatment of patients, other types of communication are limited. Most significantly, the transmission of PHI is restricted between the insurance benefit provider and the

Effect of Titles and Subtitles of HIPAA

employer who sponsors the plan. In this way, PHI of employees may not be used to make employment-related decisions such as hiring, firing and the granting of promotions. The creators of HIPAA recognized the need to collect private health data in order to protect the public interest. Public interest activities include the gathering of epidemiological statistics, the conduction of research and the development of defense and terrorism protection plans. In such instances, government and public health entities and research facilities may be granted access to HIPAA-protected information without express written authorization. While the basic protections of HIPAA have remained unchanged since its inception, the rules are subject to constant revision. In the past six years, many rules have been modified to respond to changing practices and developments in health care administration, technology, and public policy. One significant recent update is the issuance of national provider identifiers, which replace all other payer-assigned identifiers. Given the continual advances in technology and electronic communications and the impending National Health Care Reform Bill, it seems inevitable that HIPAA rules will continue to evolve.

Effect of Titles and Subtitles of HIPAA

References Anthem Blue Cross Blue Shield. HIPAA Title II Blue Book. Retrieved from http://www.anthem.com/shared/noapplication/f3/s1/t0/pw_035866.pdf Centers for Disease Control and Prevention. HIPAA Privacy Rule and Public Health. Retrieved from http://www.cdc.gov/mmw/preview/mmwrhtml/m2e411a1.htm HIPAA Ohio. Health Insurance Portability and Accountability Act of 1996 (HIPAA) Title I Health Care Access, Portability, and Renewability April, 2002. Retrieved from http://hipaa.ohio.gov/whitepapers/title1healthcareaccess.PDF Privacy Legislation and Regulations. (2010). Retrieved on April 29, 2012 from http://www.cdc.gov/od/science/integrity/privacy/ U.S. Department of Health and Human Services. Health Information Privacy. Retrieved from http://www.hhs.gov/ocr/privacy/index.html Wilson J. (2006). "Health Insurance Portability and Accountability Act Privacy rule causes ongoing concerns among clinicians and researchers." Ann Intern Med 145 (4): 3136.