HIPAA Guide

Some people will have had the experience of dealing with the laws, rules and regulations that come under HIPAA, the Health Insurance Portability and Accountability Act. This act has brought about a revolution in the field of health care and in the way health care data is managed. It has also made people's lives easier by making the process of changing insurance companies and obtaining new insurance policies much simpler.

The most common way in which people come across HIPAA is when they have to sign release forms before going through with any kind of medical treatment. Signing this form gives the health care center the right to share your medical information for the main purpose of administering the right kind of treatment. Before undergoing any kind of medical test, such as an X-ray, the patient is required to sign a HIPAA form, which gives the health care center the necessary permission to share the patient's medical information. Sharing medical information is illegal if the patient has not signed the HIPAA form. Even after the patient has signed the HIPAA form, sharing the patient's medical data is permitted only when it is really essential in order to administer the right kind of medical treatment. In this manner, HIPAA ensures that all the medical records of the patient are taken care of and protected in the right manner.

HIPAA also provides protection for the patient in the field of medical insurance coverage. People would normally lose their medical insurance coverage when changing jobs and would have to apply for medical insurance coverage again when starting a new job in a new company. When a new medical insurance policy is taken out, the medical insurance company will create certain exclusions depending on any pre-existing medical conditions. But under the new regulations of HIPAA, the person gets credit for the coverage that was provided by the previous medical insurance policy. Now people can change companies as well as medical insurance policies without having to go through any kind of exclusion period due to their pre-existing medical conditions. This benefit is very useful for people who have a sick family member who requires medical attention. The maximum amount of premium that can be paid by a person who has a sick family member is also regulated by HIPAA.

HIPAA is a set of rules and regulations that take care of the privacy of people's medical information, and it also provides people with the right kind of protection when they change their medical insurance companies. The impact of HIPAA depends on the length of time for which medical insurance coverage was provided under the previous health insurance program.

HIPAA is the abbreviation for the Health Insurance Portability and Accountability Act of 1996. This act comprises the benchmarks or standards that need to be followed when dealing with data and information regarding the medical history of a patient, which is extremely sensitive. This act will ensure that no confidential medical information regarding a patient is revealed without their consent or permission. This act has been devised by the Department of Health and Human Services. These rules and regulations, which have been created with respect to the privacy of patient information, are known as HIPAA.

Many rules and regulations under HIPAA concern the transmission of a patient's medical information in an electronic format. There are also many rules and regulations under HIPAA that need to be followed by companies offering services in the field of medical transcription.

The rules and regulations that come under HIPAA apply to all health care plans, health care providers who send and receive medical records of patients in an electronic format, health care clearing houses and all companies involved in the processing of medical bills. All companies providing medical transcription services should make sure that all the medical information regarding each patient is stored in a safe and secure manner. There should be a clear and proper record of the people who have access to the private medical information of all the patients. Any new technology that is available should be used in order to protect the privacy of these patients' medical information. All the data should be stored in a safe and secure manner with the help of a password.

The main purpose for the enforcement of this act is to ensure that health information about patients is not distributed freely. This also takes care that other private information regarding the patient like the name, address, telephone number or social security number is not revealed to anyone.

Nowadays medical transcription work is being outsourced to professionals in the field of medical transcription, and some of these people are based in countries outside the USA. The files are sent and received over the Internet. According to the rules and regulations enforced by HIPAA, all files, e-mails and voicemails should be sent and received over the Internet only after they have been encrypted. Otherwise an extremely secure FTP site should be used to send and receive the files. If the documents are being faxed, a disclaimer statement should be attached that highlights the importance of keeping the information confidential. But if the documents are being dictated over the telephone, then encryption does not have to be performed.

All health care plans, companies providing health care services and those who send and receive medical records in an electronic format, health care clearing houses and companies which are involved in medical billing should abide by these rules which have been enforced by HIPAA.

In 1996, the US Congress enforced the Health Insurance Portability and Accountability Act or HIPAA. This law has brought about a lot of changes in the administration of health care as well as in the management of information systems in health care. This act is a federal law that amended the Internal Revenue Code of 1986 to help provide portability and continuity of health insurance, reduce fraud and abuse in the health insurance and health care industries, encourage the use of medical savings accounts, and provide people with access to good-quality, long-term health care. This law also tries to simplify the process of medical insurance.

HIPAA was created in order to set standards for the exchange of information regarding patients and to prevent any unwanted disclosure of patients' private medical information. This applies to medical information whether it is on paper or in electronic format. According to HIPAA, all healthcare organizations should adhere to certain specific rules and norms. An administrative simplification title should be provided in order to avoid any kind of health care abuse and fraud. This title includes many laws and standards that pertain to Electronic Health Transactions Standards, Privacy & Confidentiality Standards, Unique Health Identifiers, and Security & Electronic Signature Standards.

The laws and standards found in HIPAA are applicable to all companies and organizations involved in the field of health care: health care plans, public and private payers, health care insurers, HMOs, Medicare, Medicaid, group health plans, health care clearinghouses, all people and organizations that process non-standard formatted health information and prepare it according to the right standards, health care providers, people who are involved in the electronic transmission of health information, people who receive medical information about people, and people who maintain medical information for electronic transmission.

When an organization does not abide by the rules and regulations of HIPAA, its everyday activities will be disrupted, and it might also incur some costs. The most severe results of not abiding by the rules of HIPAA include not being able to conduct business smoothly and the loss of a major chunk of business. Some sanctions will also be imposed by the government on such companies. The fine for not following the rules and regulations that come under HIPAA is $100 for each person and for every violation, and this can increase up to $25000 in a year. When medical information regarding the patient has been disclosed with the complete knowledge of the organization, a fine of $50000 can be imposed for every violation, and this can also include imprisonment; a fine of $250000 can be imposed along with a ten year imprisonment if the intention behind revealing the information was to make use of it for commercial purposes.

There are many people all over the world who continue to work in the same job for an indefinitely long period of time because they are afraid that they will lose their medical insurance coverage if they decide to change jobs. Many people have a sick family member at home who is in desperate need of that medical insurance coverage. Previously, medical insurance plans contained a clause that permitted certain known medical conditions to be excluded from coverage for a certain period of time. In 1996, the US Congress enforced the Health Insurance Portability and Accountability Act. Title One of this act provides medical insurance coverage for people who are changing jobs.

People, who are worried about how their medical insurance will be affected when they change their jobs, should definitely take time to consult the human resources department in their office. They will help you in understanding the impact that a job shift would have on your medical insurance. A certain amount of protection is provided by HIPAA for people who would like to shift their jobs. The period of exclusion will vary depending on the individual circumstances of each person. It is quite likely that every person will have to face a certain period of exclusion from his or her medical insurance policy for a particular time period. But this exclusion time period would have been indefinitely long if HIPAA had not been enforced.

If there have been no previous intervals in your health insurance coverage, then the length of the exclusion period will be as short as possible. If there has been any kind of break in the medical insurance coverage within the last two years, then this could also have an impact on the medical insurance coverage that you are likely to receive in the future. A period of 63 days has been considered to be a reasonable break in insurance coverage.

If the new company or the new employer has provided a medical insurance which has an exclusion period of twelve months and you have had medical insurance coverage for the last seven months from your previous company with a break of 65 days before that, the medical insurance coverage which was available for the period preceding those 65 days will not be available in the form of credit during the exclusion period of the medical insurance coverage. But the seven months of medical insurance from the previous employer will be counted in the form of credit against the twelve months medical insurance, which is being provided by the new company, and this will reduce the period of coverage to five months.

The rules and regulations with regard to medical insurance coverage can be quite confusing, but it is very important to have a clear and complete understanding of them so that you can ensure that every member of your family gets the right kind of medical care in the event of an emergency.

Many people all over the United States of America have a vague knowledge about HIPAA or the Health Insurance Portability and Accountability Act. But people are under the misconception that the rules and regulations, which come under HIPAA, are only applicable to medical institutions and other related companies. But the real fact is that HIPAA has some kind of impact on the lives of each and every person.

Insurance companies – The rules and regulations that come under HIPAA will be largely applicable to all insurance companies. The method in which they create new insurance policies will have to be changed and special provisions will have to be made for people who have been shifting their jobs or people who have allowed their previous insurance policies to lapse. The guidelines, which come under HIPAA, have also made it easier for people whose previous insurance policies have lapsed to obtain a new insurance policy. This act has also taken care to ensure that people will still have their medical insurance coverage while they are shifting jobs. This act also makes sure that people who have submitted some claims for insurance will not be asked to pay a higher premium amount. All medical insurance companies have been asked to change their method of working with regard to HIPAA and the needs of people who require medical insurance are being taken care of in a better manner.

Medical facilities – The rules and regulations that come under HIPAA will also have a serious effect on all facilities where medical services are provided. These rules should be followed by small clinics and large hospitals alike. The main aim of applying these rules to all hospitals is to ensure that all the medical data and information regarding patients is stored and transmitted in a secure and safe manner. Proper procedures have been laid out for the processes that need to be carried out, and the appointment of people to posts where HIPAA rules need to be strictly followed is one of the most important changes brought about by the implementation of HIPAA. There are certain safety regulations that need to be carried out in order to ensure that all the medical data and records stored in an electronic format are completely safe and secure. All the necessary medical information should be recorded and stored carefully, and an audit of all the stored information should be conducted on a regular basis.

Individuals – Every person will experience the impact of HIPAA in some manner or other. This usually depends on the circumstances of each person, but every person who requires some kind of medical care or attention will come under the scrutiny of HIPAA. All the data and records regarding the medical history of a patient, including the details of the method of payment, should be kept confidential. But this has increased the amount of medical documentation that needs to be completed by all medical institutions as well as by the patient.

In June 2009, a young mother of three children was sentenced to imprisonment for publishing the medical records of a woman who was HIV positive on her personal web page on the Internet. The state of Hawaii pressed criminal charges against the woman, stating that she had committed a class B felony by accessing a computer when she did not have the required authority and authorization. When the case was investigated further, it was revealed that the HIV positive woman and her sister-in-law had some disagreements between them, and the woman who publicized the medical records was a friend of the sister-in-law. She was working as a patient services representative at the hospital where the HIV positive woman was coming for her checkups. She had pulled the patient's medical records from the computer at the hospital.

The medical records of the patient had been accessed three times in a period of ten months. Once the employee learned about the medical condition of the patient, she posted the details on her personal page on MySpace. In the second posting, she stated that the patient was dying of AIDS. The patient made a complaint to the hospital authorities, and the employment of the defendant was terminated after an investigation had been made into the matter. Once the case had been taken to court, a one-year jail sentence was handed down to the defendant. Despite the fact that justice had been served, many people still wonder to what extent the hospital is responsible for the breach in the security of medical records that took place.

According to federal laws, health care providers should be fined when the medical records of patients have been disclosed to people who should not have gained access to them in the first place. The privacy regulations that come under the Health Insurance Portability and Accountability Act of 1996, or HIPAA, were actually enforced only on April 14, 2003. The health information of all people will be well protected under this act, and people will also get access to better quality health care. All kinds of health care providers, health care plans and health care clearing houses, which are responsible for the administrative and financial transactions of the health care system, will be covered under HIPAA.

Apart from the privacy regulations, the security rules that come under the Health Insurance Portability and Accountability Act or HIPAA became effective on April 21, 2005. These are the only rules regarding the usage and disclosure of information that is extremely sensitive and confidential. The security rules of HIPAA with regard to the protection of information in an electronic format fall into three main groups, namely administrative safeguards, physical safeguards and technical safeguards. Some of the more important safeguards are the administrative sanction policy and the security awareness training safeguards.

According to the sanction policy, all employees should receive an official notification regarding the civil and criminal penalties, which they are likely to face for the wrong and incorrect usage of medical information. According to the security awareness training standards, all employees should take part in all the training programs with regard to security.

The Health Insurance Portability and Accountability Act of 1996 which is otherwise known in common circles as HIPAA has had an impact on people working in the field of healthcare, medical insurance companies and patients who are receiving medical treatment. This Act has been implemented keeping in mind the welfare of the patient and protecting their health insurance when they lose their jobs or when they change their jobs as well as protecting the privacy of the medical information of patients. Frauds in the field of medical insurance also get drastically reduced in this manner.

One of the main advantages of HIPAA is that patients have become more aware of their rights. Whenever a patient goes to the office of a doctor, a clinic, a hospital or a counseling center, they should be given a copy of the policies that come under HIPAA, and they should sign a statement stating either that they have read all the rules and policies or that they have consciously not taken note of the new rules. Patients should be well aware of their rights when it comes to their medical records. Anyone who has access to their medical information should also be aware of how that medical information can be used.

The laws that come under HIPAA will also protect the medical insurance coverage, which has been provided for patients. The medical insurance, which is being provided to an employee, should be continued when he is either shifting jobs or when he is looking for a new job. Before this law had been enforced, any medical insurance coverage, which was being provided to the company, was cancelled immediately when the employee was fired, laid off or when he quit his job. This left a lot of families in a helpless position when they did not have medical insurance coverage until they found a new job and got the required medical insurance coverage from the new company.

The HIPAA laws have been created in such a manner that they will protect the rights of people who already have a pre-existing medical condition. They will ensure that these people get the right kind of medical insurance, which they need in order to get the right treatment for their medical condition. Previously any employee who had a known medical condition would be provided with medical insurance coverage when they changed their jobs and shifted companies. A proper waiting period has been provided under HIPAA and a person who has any kind of health problems can be assured that he will get the adequate amount of medical insurance coverage, which is needed in order to administer his treatment. HIPAA ensures that all patients get the right amount of protection and the right kind of medical insurance coverage, which they will require and they will also ensure that the privacy of the medical records of the patient is maintained to the maximum possible extent. In this manner, patients feel comforted and rest assured that their rights are being protected and that they will be well taken care of.

All employees who work in health care organizations should have complete awareness of HIPAA, and they should take all the steps and precautions needed to ensure that they comply with all the rules and regulations that come under HIPAA. If any organization faces any difficulty in understanding the rules and regulations that come under HIPAA, it should immediately consult a lawyer. A complaint should be filed for any person or organization to be prosecuted under HIPAA.

HIPAA is the Health Insurance Portability and Accountability Act. This was enforced in the year 1996. This act takes extra care to ensure that all the medical information of patients is kept confidential. All administrative operations in the field of health care will also be made much simpler, and this will also help to reduce costs as well as the administrative workload. Though the word “reasonable” is mentioned many times in the contents of HIPAA, the employees of all health care organizations should take all possible reasonable steps so that the medical information of all patients can be protected. Small medical health care centers do not have to take the same precautions as large health care centers and hospitals. There will be no regular inspection of health care facilities to check their compliance with health care regulations. A complaint will have to be filed with the office of civil rights, and they will investigate the complaint further. The fines for non-compliance with rules and regulations will also be very high.

The medical information regarding every patient should be kept extremely confidential and private. The files and medical records of every patient should be kept safe and locked in a secure place, and anyone who needs to access these files should have the required authorization. Charts of patients should not be left lying around carelessly where some unwanted entity could gain access to them. When enquiries regarding a patient are being made by telephone, this should be done from a place where no one else can overhear the conversation and the information cannot reach the wrong ears. When medical records of patients are being removed from a particular location, a proper record should be maintained, and every record that is removed should be signed off and accounted for. If a box is being used to transport medical records from one location to another, then the box should be marked “confidential – medical records”. If the medical records of patients are being viewed on a computer, then a screensaver should be used so that only certain people will be able to view the patient records.

When the data or medical records of patients are being transferred in an electronic format, all the correct procedures and practices should be followed. All health care services, health care professionals, billing services and clearing houses should take the right security measures to ensure that the medical records of a patient are stored in a confidential and secure manner and that no one can gain access to this information without the necessary authorization.

US President Barack Obama signed the American Recovery and Reinvestment Act last month. This act is also known as the stimulus package. But people are not aware of the changes that this law will make to the security rules that come under HIPAA, the Health Insurance Portability and Accountability Act of 1996. Due to this change, all business associates should abide by the rules from now on, any kind of breach or misdemeanor should be reported, penalties should be implemented, and damages should be claimed for any violation of any of the rules.

The biggest change that has come about in the security rules of HIPAA is the number of organizations that come under the scrutiny of HIPAA, or that will be known as covered entities under HIPAA. All the security rules that have to be followed by business entities will also have to be followed by business associates. All business associates should also follow all the administrative, physical and technical safeguards that come under the security rules of HIPAA. A security official will have to be appointed by every business associate, written procedures should be implemented, and all the employees of the company should be trained to protect the privacy of patients' medical information. The data regarding the patients should be preserved in a safe and secure manner. A business associate can also be subject to all the civil as well as criminal liabilities that are applicable to a covered entity under HIPAA.

The second change that has been made under the security rules of HIPAA is that every breach of security should be reported to the authorities. All covered entities and business associates under HIPAA should inform the concerned individual about any breaches in the privacy and security of their medical information. When the private medical information of a patient has been revealed to any outside source, either intentionally or by accident, the concerned person as well as the authorities should be notified immediately about the incident. The person can be notified either by regular mail or by e-mail, depending on the preference that he or she has stated. When a security breach has taken place on a large scale, which means the details of 500 or more people have been revealed, a prominent media agency should also be informed about the leak of information. The Department of Health and Human Services should also be notified of any breach in security, and a separate website has been opened to provide information regarding breaches in the security of private information.

The penalties that have to be paid in the event of a violation have also been increased. The fine for every violation was $100 for every individual, and it has been increased to $1000 for every individual. The fine levied for willful neglect can be anywhere between $10000 and $250000.

HIPAA has led to sweeping changes to health care administration and information systems as health care organizations struggle to achieve cost-effective compliance by 2003. All health care entities that process health-related data are required to comply with the U.S. Department of Health and Human Services’ (HHS) Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The U.S. Congress designed the Health Insurance Portability and Accountability Act (HIPAA) in 1996. Title I of HIPAA safeguards health insurance coverage for workers and their families when they lose or change their jobs. Title II of HIPAA, the Administrative Simplification (AS) provisions, necessitates the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The AS provisions also address the security and privacy of health data. The purpose of all these standards is to improve the efficiency and effectiveness of the nation’s health care system by encouraging the extensive use of electronic data transactions in health care.

HIPAA is designed to regulate the way all health care organizations electronically exchange sensitive patient data and to protect patients from illegal disclosure of their medical records (whether paper or electronic). It means that if personal information is stored on computer databases, tapes, disks, or transmitted with the assistance of faxes or the Internet, in addition to anything written down or talked about, steps must be taken to ensure a patient’s privacy.

Today a number of HIPAA products and services are being offered both online and offline, such as, online HIPAA training, privacy manuals and template policies, security manuals and template policies, security products, disclosure tracking systems, compliance consulting services, etc. All these products are designed basically to guide you through the formidable transition of HIPAA compliance and help you navigate the complex and tedious regulatory environment created by HIPAA.

Online HIPAA training is a very convenient tool for learning about HIPAA. Moreover, it is available whenever and wherever you have internet access. The privacy manuals and template policies are workbooks that lead you through a careful assessment of your company’s privacy compliance plan. The security manuals and template policies are workbooks that guide you through a careful assessment of your company’s security compliance plan. The security products include network security scanning and automated online backup. The network security scanning, or HIPAA e-probe, beats hackers to the punch by vigilantly probing your Internet-connected systems for vulnerabilities before the hackers can find and exploit them. The automated online backup, or e-backup, lets you control the configuration and operation of your entire organization’s backup system from a single location. Monitoring and administration of all backup and recovery tasks are controlled from a single workstation. The disclosure tracking systems are software programs designed and developed to address the requirement of covered entities (health care providers, payers, and clearinghouses) to record the required elements for the patient’s right to an accounting of disclosures. The compliance consulting services include onsite consulting services and business associate certification.

The Health Insurance Portability and Accountability Act or HIPAA, which was enacted by the US Congress in 1996, has introduced sweeping changes in health care administration and information systems. HIPAA is a federal law that amended the Internal Revenue Code of 1986 and is intended to improve portability and continuity of health insurance; combat waste, fraud and abuse in health insurance and health care delivery; promote the use of medical savings accounts and improve access to long-term health care services and coverage; and simplify the administration of health insurance.

HIPAA is designed to standardize the way all health care organizations electronically exchange sensitive patient data and to protect patients from unauthorized disclosure of their medical records (whether paper or electronic). Under HIPAA, there are specific standards that all health care organizations are required to adhere to. These standards include an Administrative Simplification Title that is aimed at preventing health care fraud and abuse. Within this title, there are several laws and proposed standards including Electronic Health Transactions Standards, Privacy & Confidentiality Standards, Unique Health Identifiers, and Security & Electronic Signature Standards.

These HIPAA laws and standards directly apply to the following groups of health care entities: health plans, public and private payers, health care insurers, HMOs, Medicare, Medicaid, group health plans, health care clearinghouses, any entity that facilitates the processing of non-standard formatted health information and must convert the non-standard data into standard transactions, or vice versa, Health Care Providers, providers who transmit health information electronically, providers who receive individual health information, and providers who electronically maintain health information used in electronic transmissions between entities.

Non-compliance with HIPAA regulations may cause disruptions in an organization’s day-to-day business processes, resulting in both tangible and intangible costs. The most serious implications of HIPAA non-compliance for health care organizations include the inability to effectively conduct electronic business and the potential of losing significant segments of business. The government also imposes some sanctions on those who fail to comply with the regulations of HIPAA. The penalty for failure to comply with regulations goes up to $100 per violation per person up to a maximum of $25,000 per year. Penalty for knowingly and wrongfully disclosing individually identifiable health information is up to $50,000 per violation or one year imprisonment or both for simple offense; up to $100,000 per violation or five years imprisonment or both if the offense is “under false pretenses”; and up to $250,000 or ten years imprisonment or both if committed with intent to sell, transfer or use for commercial advantage, personal gain or malicious harm.

Thus, the ultimate objective of HIPAA is to increase the efficiency and effectiveness of health information systems through improvements in electronic health care transactions as well as to maintain the security and privacy of individually identifiable health information. It helps to promote the modernization of health information systems. Becoming HIPAA-compliant is a challenging task because of extensive cross-departmental compliance and training requirements but it is an ongoing administration, privacy and security challenge that must be constantly addressed.

Copyright © 2012
Hipaa Blog. All Rights Reserved.
Address - 13 Craven Terrace, Bayswater, London W2