Medical Billing
Medical Billing Coder
HIPAA
Health Care Financing Administration
Medicare A
Medicare B
What Isn’t Paid For
Filing a Medical Billing Claim
CPT Codes
FAQ’s
Medical Billing Terms Glossary
The International Classification of Diseases - 9-CM
Privacy Policy
Contact

Medical Billing: Laws and Regulations with HIPAA

August 21, 1996, the United States Congress enacted The Health Insurance Portability and Accountability (HIPAA),it was a federal bi-partisan bill based on the Kennedy-Kassebaum bill, in order to protect health insurance coverage for workers and their families when they change or lose their jobs.

Title I: Health Care access, Portability and Renewability, prohibits any group health plan from eligibility rules or assessing premiums for individuals in the plan based on health status, medical history, genetic information or disability. Title I limits restrictions that a group health plan can place on benefits due to preexisting conditions. Group health plans may refuse to provide benefits relating to the preexisting conditions for a time of twelve months after enrollment in the plan, or eighteen months in the case of late enrollment. Individuals are allowed to reduce the exclusion period , if they had previous health insurance prior to enrollment of the plan. It allows individuals to reduce the exclusion period by the amount of time they had credible coverage prior to enrolling in the plan after any significant breaks in coverage. Creditable coverage can be defined quite broadly and includes nearly all group and individual health care plans, Medicaid, and Medicare. A significant break in coverage is any 63 day period without any creditable coverage. Title I forbids individual health plans form denying coverage or imposing preexisting condition exclusions on individuals who have had at least eighteen months of creditable group coverage without significant breaks and who are not eligible to be covered under any group, state, or federal health plans at the time they seek individual insurance.

Title II of HIPAA is called Administrative Simplification. Title II was designed to:

  1. Reduce health care fraud.
  2. Guarantee security and privacy of health information.
  3. Requires the Department of Health and Human Services to draft rules aimed to enforce standards for health information and transactions.
  4. Reduce the cost of health care by standardizing the way the industry communicated information, creating standards for the use and sedimentation of health care information.

These rules apply to covered customers. Covered customers include billing services and community health information systems and health care providers that transmit your health care information.

Title II of HIPAA requires the establishment of national standards for electronic heath care transactions and national identifiers for providers, health insurance plans and employers.

HIPAA Privacy Rule took effect on April 14, 2003. It is the first comprehensive Federal protection for the privacy of personal health information. The Privacy Rule establishes regulations for the use and disclosure of Protected Health Information otherwise known as any information about health status, provision of health care, and payment of health care. This is interpreted very broadly and also includes any part for you medical record or payment history. You must disclose the PHI to the individual within thirty days upon request, or required to do so by law. A covered customer may disclose the PHI to ease treatment, payment , or health care operations or if the or if the health care organization has obtained authorization from the individual. If a covered customer discloses any Protected Health Information , it must make an effort to disclose only the minimum and necessary information required to achieve its purpose.

The Privacy Rule also gives the individual the right to request that the health care provider to correct any inaccurate PHI and to take reasonable steps to ensure confidentiality of communications with individuals. The Privacy Rule also requires the health care provider to notify individuals of uses of their PHI> They must also keep track of disclosures and document privacy policies and procedures. The health care provider must appoint a Privacy Official and a contact person that is responsible for receiving complaints and train their members of the workforce in the procedures of the PHI. If you feel that the Privacy Rule is not being in force, you can file a complaint with the Department of Health and Human Services for Civil Rights.

HIPAA Security Rule- The Security Rule complements the Privacy Rule. It took effect on April 21st, 2003 with a compliance date of April 21st, 2005, and April 21st 2006 for small plans. The Security Rule has three types of security safeguards required for compliance.

  1. Administrative - policies and procedures must be clearly designed. The policy and procedures must reference management oversight and organizational buy-in compliance with documented security controls. Procedures should clearly identify employees or classes of employees with access to protected health information. A contingency plan should be in place for responding to emergencies. A goal of identifying potential security violations. Audits should be both routine and event-based. Procedures should document instructions for responding to security breaches.
  2. Physical - control of access to protect against inappropriate access to protected data. Access to health information should be carefully controlled and monitored. Access to hardware and software must be limited to properly authorized persons.
  3. 3. Technical - controlling access to computer systems containing protected health information. Information systems housing containing protected health information protected from intrusion.

Copyright © 2005 Medical Billing Information. Send comments here.