What is HIPAA?
One of the major issues confronting every medical practice that utilizes electronic distribution of patient information is the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the updates that have been made to the act. The purpose of this series of regulations is to protect the confidentiality of patient information that travels in the public network and to standardize coding for electronically transmitted patient insurance claims, enrollment, and billing information.
On February 20, 2003, Centers for the Medicare & Medicaid Services (CMS) published the final HIPAA Security Rule (Federal Register Vol. 68, No. 34). In its final form, the rule is more closely aligned with the Privacy Rule and focuses on security management rather than technology. This means that it should be easier for institutions to adopt new technologies and appropriately apply the standards based on the size and complexity of individual operations.
The Rule requires policies and procedures to prevent, detect, contain, and correct security violations of electronic records. Paper records are not addressed in the Security Rule, but remain subject to all of the Privacy Rule requirements. Some of the standards covered by the rule now are deemed "required" and must be done, while others are labeled "addressable," allowing reasonable and appropriate measures for implementation.
The final Security Rule had a compliance date of April 20, 2005.
For more information you can go to CMS' website (http://www.cms.hhs.gov) or download Orchard's HIPAA guide from the Download Center on our website. To access the Download Center, sign into our website, and then click the Download Center link.
The Centers for Medicare and Medicaid Services (CMS) have begun the transition from HIPAA EDI standards X12 version 4010 to X12 version 5010 and full compliance is expected on January 1, 2012.
Patient ID Numbers
The Institute of Medicine has called for reconsideration of standardized Patient ID numbers as a way to improve the sharing of healthcare information among providers. The controversial Patient ID had previously been tabled during revision of the HIPAA code set regulations.
The National Committee on Vital and Health Statistics is requiring the adoption of ICD-10 codes by October 1, 2013, by any entity covered by the HIPAA act. This will ultimately be a big change as the number of codes will jump from 17,000 with ICD-9 to over 150,000 with ICD-10. The jump to ICD-10 coding will ultimately improve patient care, but the road to making it happen will not be easy.
Version 5010 accommodates the ICD-10 codes, and must be in place first before the changeover to ICD-10.
Sample Collection Dates
CMS requires sample collection dates when submitting orders. Without a collection date, differences in the date of service submitted by the lab and by the physician could result in delayed or, possibly, denied reimbursement. Fortunately, for those locations using Orchard® Harvest™ LIS, Orchard® Harvest™ Webstation, Orchard® Pathology, or Orchard® Copia®, compliance with this requirement is a snap.
The CMS Office of Civil Rights (OCR), the body responsible for the enforcement of HIPAA, has issued a new set of Frequently Asked Questions (FAQ) regarding the sharing of Protected Health Information (PHI). Go to the OCR website (www.hhs.gov/ocr/hipaa/) for more information about sharing PHI with patients’ relatives, sharing PHI for treatment, and many other topics. CMS also provides answers to many HIPAA questions on their own FAQ page, and you can even submit your own questions. Go to the CMS home page at www.cms.hhs.gov and follow the links.
Security Breaches from hhs.gov breach notification rule www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html
Interim final breach notification regulations, issued in August 2009, implement section 13402 of the Health Information Technology for Economic and Clinical Health (HITECH) Act by requiring HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Similar breach notification provisions implemented and enforced by the Federal Trade Commission (FTC), apply to vendors of personal health records and their third party service providers, pursuant to section 13407 of the HITECH Act.
Obtain our Customer Guide to HIPAA from our online Download Center. To access the Download Center, sign in to the customer-only area of our website.
In addition, you may access our sample HIPAA Business Associate Contract. This sample document may be used by any Orchard customer as a template for an agreement between Orchard Software and our customers to ensure the security and confidentiality of patient demographic and patient testing information.
In late December 2000, the Health and Human Services department published the HIPAA Final Rule: Privacy Standards in the Federal Register. You may download a copy of the final regulation from the Health and Human Services website. If you do not want to download the 700 page document, you can order a copy of the regulation from the Superintendent of Documents at: (202) 512-2250.
We are advising you to continue to monitor HIPAA-related web sites and the trade press to watch for articles discussing the ramifications of this regulation.
Look for updates on our website and in our newsletter that will provide resources and additional information to help you prepare for HIPAA compliance.