March 14, 2004--In today's world of acronyms and compliance mandates, we know it can be hard to keep HIPAA straight from hippos. We offer the following synopsis to help you and your business understand the Health Insurance Portability and Accountability Act (HIPAA).

What Is HIPAA?
Enacted in August of 1996, HIPPA established rules to combat waste, fraud and abuse, improve portability of health insurance coverage, and simplify administration of healthcare. By establishing consistent industry standards, HIPPA makes it easier for health plans, doctors, hospitals, and other health care providers to process transactions electronically. Enforcement of the requirements is the responsibility of the Office for Civil Rights (OCR).

Who Does HIPAA Affect?
HIPAA covers three groups:
* Healthcare practices, and any business that sponsors a health plan that transmits ANY patient information digitally or uses a billing service that electronically administers claims.
* Health benefit plans (except those that are self-administered and cover fewer than 50 participants).
* Clearinghouses that supply services to convert transactions to required formats for healthcare practices and benefit plans.

What Is a Small Health Plan?
A small health plan is one that collects less than $5 million annually. Dental, vision, medical, and long term care are all health benefit plans. A fully insured plan that collected premiums of less than $5 million in the plan's last full fiscal year is a small health plan and, if not self-administered, or if more than 50 participants are covered, is subject to HIPAA as of April 14, 2004. If more than $5 million was collected, then it is a large plan, subject to the earlier deadline of April 14, 2003. If you missed the deadline, please call us immediately; we can help you minimize your exposure or liability.

What Are the Deadlines for Compliance?
The HIPAA administrative simplification was finalized April 14, 2001. Most health plans, clearinghouses and health care providers who engage in certain electronic transactions were given two years (to April 14, 2003) from the time the final regulation took effect to comply with the HIPAA standards. Small health plans were given three years to comply – a deadline of April 14, 2004.

What Does HIPAA Require of Health Plans?
Health Plans are covered by Title II. This section mandates rules for maintaining the privacy of protected health information establishes security requirements to protect that information and publishes, documents, requires standard identifiers for Electronic Data Interchange.

The Department of Health and Human Services (HHS) established the final privacy rules to provide health care recipients with:
* The right to review and copy their health information.
* The right to request an amendment of their health information.
* The right to receive a reporting of disclosures of their health information.
* The right to request disclosure restriction of their health information.
* The right to request alternative methods of communication of their health information.

What Do You Need To Do?
The privacy rule contains five necessary responsibilities for a small health plan to meet by the April 14 deadline. Plans must:
1. Provide information to participants about their privacy rights and how their information can be used.
2. Adopt clear privacy procedures.
3. Train all employees in the plan's privacy procedures.
4. Designate an individual to be held responsible for enforcing privacy procedures.
5. Secure all patient records and individually identifiable health information.

Who Can Help?
With the April 14 deadline quickly approaching, now is the time to act. Sifting through the requirements of HIPAA is not a simple task and is one that takes time and effort. The good news: help is out there. The United States Department of Health and Human Services, Office for Civil Rights (OCR), provides in-depth explanations of HIPAA under the Privacy of Health Information / HIPAA feature at www.os.dhhs.gov/ocr/hipaa/.
Additionally, experienced professionals, fully aware of these requirements and conversant with pertinent laws, rules and regulations pertaining to HIPPA, are available. Our team has developed an effective procedure to bring your company into compliance, including:
* Evaluating your current practices, policies and procedures in light of HIPAA privacy legislation
* Preparing a gap analysis
* Constructing implementation plans
* Providing specimen policies, procedures and resources
* Assisting with implementation
We have worked with a number of companies to meet their needs and complete the compliance requirements in a timely, cost efficient manner.





This article courtesy of http://www.ruhipaacompliant.com.
You may freely reprint this article on your website or in
your newsletter provided this courtesy notice and the author
name and URL remain intact.

Submit Your Article