Medical Software Associates


 HIPAA Issues FAQ  

 © 2001-2011
 Medical Software Associates.



HIPAA Is Now Law - Is Your Practice Ready?

Medical Software Associates continues to monitor the guidelines established by HIPAA legislation. As a company, we are committed to being HIPAA compliant, to meeting the deadlines established for this compliance, and to assisting our customers as they move towards compliance. Medical Software Associates has already customized its software in order to align with the ANSI X12 and V4010 transaction format mandated by HIPAA.

Additionally, we have taken the following steps:

  • Medical Software Associates is working closely with our Providers to help determine data deficiencies based on the standards required by HIPAA.
  • We have developed timelines with our partners regarding transaction standards.
  • Our software's claim edits function is being evaluated to ensure complete compliance with defined HIPAA guidelines.
  • Our partners have begun to implement HIPAA compliant encryption for Internet transactions.

As the HIPAA guidelines are finalized, we will determine the correct actions and resources needed to meet the established standards.

The Health Insurance Portability and Accountability Act of 1996

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) includes seven distinct sets of rules that will affect your practice. The DHHS, or Department of Health and Human Services, issues these in the form of the "Notice of Proposed Rule Making" or NPRM. What this notice states is that every practice, regardless of size, must comply with HIPAA privacy, security and transactional regulations. What's more, all subsequent regulations must also be adhered to.

As its title suggests, HIPAA was signed into law in 1996. But, as of 2002, only the portability aspect of the bill (which protects people with current or pre-existing medical conditions when they apply for health insurance) has been fully implemented. Now, the accountability aspects of the law are beginning to be properly addressed.

Taken as a group of regulations, the HIPAA standards require major changes to how healthcare organizations handle information management, including coding, security, patient record management, reimbursement and care management. Their provisions include stringent codes for uniform transfer of electronic data, including routine changes and billing. Also of note are new patient rights regarding their personal health information, including the right to access this information and to limit its disclosure. There are also specific procedural, physical and technological security protections which all health care organizations, including physician practices and clinics, must take to ensure their patients have the required confidentiality with regard to their medical information.

Savings In Uniformity
In 1996, Congress recognized the savings and cost potential of standardizing electronic claims processing. The mandate Congress provided, then, was that the overall financial impact of HIPAA not only reduce costs, but also protect the privacy and security of patients. With this in mind, the financial assessment of the privacy regulation includes a ten-year $29.9 billion savings for the recent electronic claims regulation and a projected $17.6 billion in costs for privacy regulation. The goal is to produce a net savings of approximately $12.3 billion for the healthcare delivery system while improving the efficiency of healthcare and privacy protection.

Every physician practice in the United States will have to comply with these regulations, beginning with the transactions standards (i.e., the rules standardizing electronic data exchange of health-related information) in the fall of 2002 (or 2003 for small plans and practices). The privacy regulations will take effect in February 2003, and the security rules, while they've not yet been released, should be published shortly.

The proposed HIPAA Privacy regulation had applied only to electronic records and to any paper records that had at some point existed in electronic form. The final regulation extends protection to all types of personal health information created or held by covered entities, including oral communications and paper records that have not existed in electronic form. This creates a privacy system that covers virtually all health information held by hospitals, physician practice providers, health plans and health insurers.

HIPAA General Q&A

Who must comply with HIPAA?
All healthcare providers, health plans, payers, clearinghouses, and other entities that process health data must comply.

The regulations frequently refer to "electronic" communication. What media falls into that category?
The HIPAA regulations apply to all communication that is stored or transmitted electronically, or that has been stored or transmitted electronically in the past. Media includes, but is not limited to, computer databases, tapes, disks, telecommunications, fax, Internet and networks.

When do organizations have to comply with the standards?
Organizations have 24 months to comply with the Standard once it has been officially adopted.

Is there any special consideration for small plans for complying with the standard once it is adopted?
Yes. Small plans will have 36 months to comply after the standard is adopted.

How is a small plan defined?
DHHS proposes to define a small plan as one with fewer than 50 participants.

Does a Health Plan have to accept transactions?
Health Plans may not refuse to accept standard transactions that are submitted electronically.

Can health plans delay payments for transactions submitted electronically according to the standard?
There will be no delay of payments by the health plans because the transactions are submitted electronically in compliance with the standards.

I am an employer and I provide on site healthcare for my employees. Do these HIPAA standards apply to me?
Yes. When an employer acts in the role of a health plan or health care provider, the employer must comply with HIPAA standards.

I am an employer and I do not provide on site healthcare for my employees. Do these HIPAA standards apply to me?
No. The HIPAA standards do not apply to you as an employer since you do not act in the role of a health plan or health care provider. Employers can voluntarily choose to use HIPAA standard transactions to expedite their health plan activities, such as enrollment.

Is HIPAA a way for the government to create one large database with everyone's health information?
There is no provision in HIPAA law to create, or to propose to create, such a database. HIPAA is designed to reduce cost and administrative burden. HIPAA recognized the significance of protecting personal health information. New security standards and more privacy legislation are intended to protect the confidentiality of health care information.

I am a physician. I do not own a computer. Do I have to buy a computer?
There is no requirement under HIPAA that you must own a computer. However, you may want to use a computer when you submit and receive transactions. In the future, this is likely to become the standard means for managing healthcare business.

Why have there been DHHS delays in publishing the final HIPAA regulations?
Once a proposed rule is approved by the government, the public is given the opportunity to comment on the proposal, and those comments must be considered in development of the final rules. Most of the proposed HIPAA regulations generated thousands of public comments, and the time required to review and consider them has slowed the publication of the final rules.

Strategies & Solutions To Address HIPAA Requirements

The HIPAA standards will require major changes in how healthcare organizations handle all facets of information management, including reimbursement, coding, security, patient records and care management. Every practice in the United States will have to comply with these regulations, beginning with the transactions standards (i.e., the rules standardizing electronic data exchange of health-related information) in October of 2002 (or 2003 for small plans and practices). The privacy regulations will take effect in February 2003, and the security rules, while not yet released, will be published shortly.

An Important Note
Acquiring technology will not make you HIPAA compliant. In fact, it is important that you do not automatically delegate HIPAA compliance to your information technology (IT) consultant or vendor, as this labels the compliance as a technology issue. It is not. Instead, HIPAA is a practice-wide issue, and properly addressing it demands the focus and commitment of your entire organization, from the physician, to office administrators, nurses and clerical personnel.

Medical Software Associates does track HIPAA legislation, and will work with you to ensure our products are effectively integrated into your HIPAA compliance plan. Additionally, we can provide you with HIPAA information and checklists that will help you better structure your HIPAA program.

Security Notes
It is important to remember that there is no such thing as "absolute" security. This is why it is critical to take a flexible approach when it comes to security technology. The technology is completely scalable, and an approach can be taken which is targeted directly to the size and complexity of your organization. It is critical also to document all procedures. Documenting policies and procedures that are not followed consistently creates liability. For more information, please see
