Standards
There are four standards or rules that are crucial for HIPAA compliance: the Privacy Rule, Identifiers, the Transactions and Code Set Rules, and the Security Rule. Every healthcare provider must prove and show evidence that they are complying with regulations. The Covered Entity must have a manual of Policies and Procedures that comply with HIPAA requirements. They must show evidence that every employee has read the Policies and Procedures and has agreed to abide by them.
Privacy Policy: Healthcare providers create records of patient care and services when you visit the doctor or hospital. The records and billing information are kept on various media including computers, paper and films. The information is accessible to personnel and members of the medical staff. HIPAA ensures safeguards to limit improper use of or access to these medical records. The providers are required by law to protect your privacy and the confidentiality of your medical records. Healthcare providers have privacy officers who are responsible for enforcing the rules and regulations of HIPAA and also for listening to and investigating complaints. As a patient, you will be asked to sign a Notice of Privacy Practices. The Notice of Privacy Practices will inform you of all regulations referring to the HIPAA law.
Identifiers: Health plans assign identification numbers to health care providers. The National Provider Identifier (NPI) is a unique number for health care providers that is used by all health plans. The number in the administrative and financial transactions is specified by HIPAA. NPIs are given to health care providers that need them to submit claims or conduct transactions that are required by HIPAA. If the health care provider utilizes HIPAA electronic transactions, then they must comply with NPI. Numbers are assigned after the provider completes an NPI application.
Transactions and Code Set Rules: This rule was released in August 2000 and updated in May 2002; it took effect on October 16, 2003. The regulations associated with the TCS Rule mandate uniform electronic interchange formats. These uniform formats for providers, employers and patients under the Identifier Rule are expected to provide the desired medical efficiency that is identified under the administrative simplification mandate under HIPAA. The Privacy Rule protects health information (records, billing) for the patient, whereas the TCS Rule protects medical information in electronic form. Before HIPAA was enacted, there was a lack of common standards when processing and dealing with medical interactions among providers. HIPAA enforces common standards to encourage efficiency and savings in the medical field. The TCS Rule encompasses the following electronic formats:
• Health Care Claims
• Eligibility for Health Care
• Referral Certification and Authorization
• Health Care Claim Status
• Enrollment and Disenrollment
• Payment
• Health Plan Premium Payment
• Coordination of Benefits
By implementing the elaborate electronic data interchange standards, patients and providers should realize the benefits from the standardization of medical records and billing.
Security Rule: The Security Rule took effect in April 2005. The Security Rule has a broader goal than the confidentiality focus of the Privacy Rule. This standard's goal is to assure integrity and availability of electronic transactions. It addresses issues such as data backup, disaster recovery of information and emergency operations. The requirement of the Security Rule can be stated as such: providers that collect, maintain, use or transmit medical information in electronic form must implement administrative, physical and technical safeguards that ensure integrity, availability and confidentiality of medical information transactions. In simple terms, the provider must provide protection against reasonable threats or hazards related to electronically transacted medical information. These safeguards must also ensure compliance with the requirements as related to HIPAA. Providers must continually reevaluate security provisions in light of new technological advancements.
The Health Insurance Portability and Accountability Act required the Department of Health and Human Services to establish national standards for the security of electronic health care information. The standards that have been imposed assure that covered entities (health care providers) will protect the confidentiality of electronic protected health information.