HIPAA Issues FAQ
HIPAA Is Now Law - Is Your Practice Ready?
Medical Software Associates continues to monitor the
guidelines established by HIPAA legislation. As a company, we are committed
to being HIPAA compliant, to meet the deadlines established for this compliance,
and to assist our customers as they move towards compliance. Medical Software
Associates has already customized its software in order to align with
the ANSI X12 and V4010 transaction format mandated by HIPAA.
Additionally, we have taken the following steps:
- Medical Software Associates is working closely with
our Providers to help determine data deficiencies based on the standards
required by HIPAA.
- We have developed timelines with our partners regarding transaction
- Our software's claim edits function is being evaluated to ensure complete
compliance with defined HIPAA guidelines.
- Our partners have begun to implement HIPAA compliant encryption for
As the HIPAA guidelines are finalized, we will determine the correct
actions and resources needed to meet the established standards.
The Health Insurance Portability and Accountability Act of 1996
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
includes seven distinct sets of rules that will affect your practice.
The DHHS, or Department of Health and Human Services, issues these in
the form of the "Notice of Proposed Rule Making" or NPRM. What
this notice states is that every practice, regardless of size, must comply
with HIPAA privacy, security and transactional regulations. What's more,
all subsequent regulations must also be adhered to.
As its title suggests, HIPAA was signed into law in 1996. But, as
of 2002, only the portability aspect of the bill (which protects people
with current or pre-existing medical conditions when they apply for health
insurance) has been fully implemented. Now, the accountability aspects
of the law are beginning to be properly addressed.
Taken as a group of regulations, the HIPAA standards require major changes
to how healthcare organizations handle information management, including
coding, security, patient record management, reimbursement and care management.
Its provisions include stringent codes for uniform transfer of electronic
data, including routine changes and billing. Also of note are new patient
rights regarding their personal health information, including the right
to access this information and to limit its disclosure. There are also
specific procedural, physical and technological security protections which
all health care organizations, including physician practices and clinics,
must take to ensure their patients have required confidentiality with
regards to their medical information.
Savings In Uniformity
In 1996, Congress recognized the savings and cost potential of standardizing
electronic claims processing. The mandate Congress provided, then, was
that the overall financial impact of HIPAA not only reduce costs,
but also protect the privacy and security of patients. With this in mind, the
financial assessment of the privacy regulation includes a ten-year $29.9
billion savings for the recent electronic claims regulation, and a projected
$17.6 billion in costs for privacy regulation. The goal of this
is to produce a net savings of approximately $12.3 billion for the healthcare
delivery system while improving the efficiency of healthcare and privacy
Every physician practice in the United States will have to comply with
these regulations, beginning with the transactions standards (i.e., the
rules standardizing electronic data exchange of health-related information)
in the fall of 2002 (or 2003 for small plans and practices). The privacy
regulations will take effect in February 2003, and the security rules,
while they've not yet been released, should be published shortly.
The proposed HIPAA Privacy regulation had applied only to electronic
records and to any paper records that had at some point existed in electronic
form. The final regulation extends protection to all types of personal
health information created or held by covered entities, including oral
communications and paper records that have not existed in electronic form.
This creates a privacy system that covers virtually all health information
held by hospitals, physician practice providers, health plans and health
HIPAA General Q&A
Who must comply with HIPAA?
All healthcare providers, health plans, payers, clearinghouses, and other
entities that process health data must comply.
The regulations frequently refer to "electronic" communication.
What media falls into that category?
The HIPAA regulations apply to all communication that is stored or transmitted
electronically, or that has been stored or transmitted electronically
in the past. Media includes, but is not limited to, computer databases,
tapes, disks, telecommunications, fax, Internet and networks.
When do organizations have to comply with the standards?
Organizations have 24 months to comply with the Standard once it has been
Is there any special consideration for small plans for complying with
the standard once it is adopted?
Yes. Small plans will have 36 months to comply after the standard is adopted.
How is a small plan defined?
DHHS proposes to define a Small Plan as one with fewer than 50 participants.
Does a Health Plan have to accept transactions?
Health Plans may not refuse to accept standard transactions that are submitted
Can health plans delay payments for transactions submitted electronically
according to the standard?
There will be no delay of payments by the health plans because the transactions
are submitted electronically in compliance with the standards.
I am an employer and I provide on-site healthcare for my employees. Do
these HIPAA standards apply to me?
Yes. When an employer acts in the role of a health plan or health care
provider, the employer must comply with HIPAA standards.
I am an employer and I do not provide on-site healthcare for my employees.
Do these HIPAA standards apply to me?
No. The HIPAA standards do not apply to you as an employer since you do
not act in the role of a health plan or health care provider. Employers
can voluntarily choose to use HIPAA standard transactions to expedite
their health plan activities, such as enrollment.
Is HIPAA a way for the government to create one large database with everyone's
There is no provision in HIPAA law to create, or to propose to create,
such a database. HIPAA is designed to reduce cost and administrative burden.
HIPAA recognized the significance of protecting personal health information.
New security standards and more privacy legislation are intended to protect
the confidentiality of health care information.
I am a physician. I do not own a computer. Do I have to buy a computer?
There is no requirement under HIPAA that you must own a computer. However,
you may want to use a computer when you submit and receive transactions.
In the future, this is likely to become the standard means for managing
Why have there been DHHS delays in publishing the final HIPAA regulations?
Once a proposed rule is approved by the government, the public is given
the opportunity to comment on the proposal, and those comments must be
considered in development of the final rules. Most of the proposed HIPAA
regulations generated thousands of public comments, and the time required
to review and consider them has slowed the publication of the final rules.
Strategies & Solutions To Address HIPAA Requirements
The HIPAA standards will require major changes in how healthcare organizations
handle all facets of information management, including reimbursement,
coding, security, patient records and care management. Every practice
in the United States will have to comply with these regulations, beginning
with the transactions standards (i.e., the rules standardizing electronic
data exchange of health-related information) in October of 2002 (or 2003
for small plans and practices). The privacy regulations will take effect
in February 2003, and the security rules, while not yet released, will
be published shortly.
An Important Note
Acquiring technology will not make you HIPAA compliant. In fact, it is
important that you do not automatically delegate HIPAA compliance to your
information technology (IT) consultant or vendor, as this labels the compliance
as a technology issue. It is not. Instead, HIPAA is a practice-wide issue,
and properly addressing it demands the focus and commitment of your entire
organization, from the physician, to office administrators, nurses and
Medical Software Associates does track HIPAA legislation, and will work
with you to ensure our products are effectively integrated into your HIPAA
compliance plan. Additionally, we can provide you with HIPAA information
and checklists that will help you better structure your HIPAA program.
It is important to remember that there is no such thing as "absolute"
security. This is why it is critical to take a flexible approach when
it comes to security technology. The technology is completely scalable,
and an approach can be taken which is targeted directly to the size and
complexity of your organization. It is critical also to document all procedures.
Documenting policies and procedures that are not followed consistently
creates liability. For more information, please see http://www.hipaa.org