HIPAA – Healthcare Insurance Portability And Accounting Act: Part II
Specifically 1995: HR-560, HR-756 and HR-1080 all sought to grant the federal government the means…
Specifically 1995: HR-560, HR-756 and HR-1080 all sought to grant the federal government the means to tracking health care information. Most recently HIPAA, the Healthcare Insurance Portability And Accountability Act, signed by President Bush in April of 2001 seems to expand the accessibility of personal and medical information to federal and state law enforcement and can pre-empt state law. HIPAA is a very complex law and will in all probability have many legal challenges along its path for full implementation by April of 2003. Within HIPAA, which addresses privacy issues, confidentiality and medical records has regulatory categories there are different time frames when each category is to be implemented, which include:
1. Transaction Standards: Effective 10/2002. This category deals with the method of electronic transmission of healthcare information through the use of specific management and HIPAA compliant software. Health information is any information, whether oral, recorded, or written in any form created or received by the healthcare provider, and relates to past, present or future physical, mental health or condition of the individual. It is also any past, present or future payment of the of healthcare to an individual. Subsection 160.202 of HIPAA.
2. Code Sets: This category deals with reducing the need for a multi coding system through the use of ICD-9 (diagnosis) and CPT-4 (treatment) codes. Once HIPAA regulation takes effect, local codes may no longer be used, but there may be a national standard coding system used by all providers.
3. Electronic Signatures: This category deals with your signature for electronic transmission of health information. This electronic signature will carry the same legal weight as you original hand written signature.
4. Health Identifiers: Early formative stages. This category deals with the creation of a national identification system and may replace your UPIN number to identify the healthcare provider.
5. Privacy Standards: Effective date up to 4/2003 with alterations. This category deals with individual identifiable health information, including demographic information collected from a individual and is created or received by a healthcare provider. It relates to the past, present or future physical or mental health or condition of the individual/patient. It includes, but not limited to chart notes, billing records, payment records, complete patient charts, all correspondence, all electronic information both written and oral. The provider must above all protect patient information and always obtain a consent and or authorization from the patient before releasing records or use patient information for other uses. There are exceptions, such as workers compensation, subpoenas and court orders necessary to comply with state laws. In addition, health information that does not identify an individual and there is no reasonable basis to
believe that the information can be used to identify the individual is another example of an exception. Found under: HIPAA subsection 164.514 and 164.514(1).
6. Security Standards: Draft form only to date. This category deals with electronic and all computer security to include your physical office place where patient files are stored. It may become necessary to modify your office to be compliant with record security.
Pre-Exemption: HIPAA, being a federal law, would normally pre-empt state law. However due to the complexity and the gray areas of HIPAA, it may become necessary to blend both federal and state law. HIPAA does have a provision that says: “If your state law is more stringent then federal law, state law would apply”. In order to determine this, all state confidentiality, privacy regulations and all required statutes that deal protection of health information must be compared to HIPAA law. If state law is more stringent (gives more privacy protection), it prevails. When state law is less stringent, that is, does not give the same level of privacy protection as HIPAA, then states are bound to follow federal HIPAA laws. However the state may petition the Department of Health and Human Services for an exemption. This must be done in writing and show a comparison of state law vs. federal HIPAA law. The explanation must be detailed and show what negative effects submitting to HIPAA would have on the state. There are some state laws that do pre-empt HIPAA, which include laws necessary to prevent fraud and abuse and ensure state regulations of insurance and health plans, workers compensation, public health, birth and death certificates, adoptions education and welfare. Patient information related to specific conditions that have social and economic implications, mental health, HIV/aids information.
Enforcement Of HIPAA: Congress established a two pronged approach to enforcement af all requirements established under HIPAA.
Civil Monetary Penalties:
1. $100. cap per person per violation
2. $25,000. cap per person per year for violation of a single standard for a calendar year
Any person who knowingly and What Vitamins Should I Take Daily For A Woman in violation of this part:
1. Uses or causes to be used a unique health provider identifier
2. Obtains individually identifiable health information
3. Discloses individually identifiable health information
Criminal Fines and Penalties:
1. Fines up to $50,000. and or imprisonment up to 1 year.
2. If under false pretenses, fines up to $100,000. and or imprisonment up to 5 years
3. If committed with intent to sell, transfer, or use information for commercial advantage, personal Healthy Habits List For Students gain or malicious harm, fines up to $250,000. and or imprisonment for up to 10 years.
How does HIPAA affect You?:
Each states situation is different and your individual compliance will be less than a large organization. You need to be aware of all state and federal laws concerning privacy, confidentiality, and release of medical records. This will affect all providers who treat and render care to patients. In the last 2-5 years there has been many legislative bills passed that most providers are not even aware of. To name a few, Consumer Internet Privacy Practice Act of 1999, Online Privacy Protection Act of 1999, Financial Information Privacy Act of 1999, The Freedom and Privacy Restoration Act of 1999, Medical Information Privacy and Security Act of 1999, the Medical Privacy Act In The Age of New Technology Act of 1999. Do you see a trend here? Compliance is no longer an option and it will affect all health care providers including the Chiropractic Physician.