HIPAA FAQs

What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act. This act was passed into law in 1996.


When did HIPAA enforcement go into effect?
The Transaction Standards were enforced in October 2002. All "covered entities" had to be in compliance by that date or had to file for an extension prior to that date. The Privacy Standards had to be met by April 2003 for most "covered entities." "Covered entities" are defined below. For smaller health plans, the Privacy Standards had to be met by April 2004. Finally, the Security Standards for most covered entities had to be met by April 2005.

May an employer be a health plan?
The simple answer is "yes". The definition of health plan includes the following: (a) an employee welfare benefit plan or any other arrangement that is established or maintained for the purpose of offering or providing health benefits to the employees of two or more employers, or (b) a group health plan as defined by ERISA, including insured and self-insured plans, that (i) has fifty (50) or more participants or (ii) is administered by a third party administrator. Therefore, if the employer offers a self-insured health plan that meets these criteria, it is a covered entity.

May an employer be a provider?
It is possible that an employer may also be a provider. Many employers provide medical or other health services in the form of wellness programs, disease management programs, employee assistance programs, and occupational health and medicine services.

May an employer be a business associate?
Employers may be plan sponsors of a group health plan that is a covered entity under the HIPAA regulations. In such a case, specific requirements apply to the group health plan and the employer may be a business associate of that health plan. The privacy regulations contain nine specific conditions that a group health plan must require the plan sponsor, as a business associate, to meet to ensure that the sponsor complies with HIPAA. These requirements refer to the use and/or disclosure of information, appropriate safeguards, compliance with certain privacy standards, and policies and procedures related to privacy.

Furthermore, if an employer creates, transmits, or receives any protected health information (oral or recorded, paper or electronic), then the employer may be considered a business associate of a covered entity (generally the health plan or a provider).

What is protected health information?
Protected health information is any health information that is recorded or transmitted in any form or any medium and that is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or clearinghouse. Protected health information may be oral or written, recorded on paper or stored electronically.

Much of the information may appear impersonal, irrelevant, uninteresting, or otherwise innocuous. However, all personal health information in the possession of a covered entity is covered by the regulations, including demographic information, identifying information, service information such as appointments, as well as specific clinical information related to disease, treatment procedures, lab results, pharmaceuticals, and symptoms.

What is a transaction?
A transaction is an exchange of information between two parties to carry out financial or administrative activities related to health care. The regulations include ten specific transactions. Employers will be routinely involved in several of these transactions.

What types of companies are affected by HIPAA?
Health Plan: "an individual or group plan that provides, or pays the cost of, medical care"
Health Care Provider: "a provider of medical or other health services and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business"
Clearinghouse: "an entity that processes or facilitates the processing of information received from another entity in a standard or nonstandard form"

Additionally, any entity that in the context of a business arrangement with a covered entity may have access to identifiable health information (a "business associate") will be expected to comply with the HIPAA regulations. Examples of business associates might include third-party administrators, re-pricing companies and preferred provider organizations.

   Copyright © 2007 Dynamic Health Strategies, Inc. Tel. 832.201.8500   