HARK home page Arrow Left to Right Introduction to HIPAA
Health Insurance Portability and Accountability Act
NOTE: This is an educational document designed to assist entities in understanding and planning for HIPAA implementation.
This document is not a supplement for sound legal advice and should only be used as a guide. It is highly recommended that you review the Final Rule for all HIPAA requirements.
What is HIPAA?  An Original Idea to do Everything the Same.
HIPAA is comprised of several components aimed at reducing paperwork, improving efficiency of health systems, and insuring the protection of confidentiality and security of healthcare information.  Title II of HIPAA directly addresses administrative simplification, which is the heart of reform for the health insurance industry and the focus of this document.

So what does HIPAA mean to anyone in the healthcare industry?  In essence, administrative simplification establishes a set of standards that must be implemented so that the healthcare industry can receive, transmit and maintain healthcare information in a standard format, while ensuring the privacy and security of individual identifiable information.

Sounds simple, but depending on your current administration processes and technological capabilities, it can be quite an undertaking.  The purpose of this document is to provide you with an understanding of how HIPAA will affect you, your business associations, and your workflow, so that you can initiate preparations in taking needed steps towards implementing HIPAA requirements.
Chart
Benefits
Assessing the exact benefits of such a tremendous change is difficult, especially since a mandate of this magnitude has never been done in the history of healthcare.  However, the aggregate benefits of HIPAA can be visualized in the expected outcomes of standardization and simplification.

Despite initial implementation costs accrued the first year, the estimated combined savings for healthcare providers is 16.7 billion dollars between the years 2002 to 2011.

Office efficiency will improve with standardization of claim submissions and the requirement of standardized formats for patient information transmittal.

Converting to an electronic format for claims submission speeds information availability, and accrues long term savings compared to paper submission.

Electronic data transfer will also significantly improve customer service with reduced waiting for claim status, eligibility, and referral information.
Penalties
Noncompliance with any provision is a $100 fine per occurrence, with a maximum accrued fine amount of $25,000 per calendar year for an identical requirement or prohibition.  Each type of violation has its own $25,000 maximum.  Violate too many requirements, and you can be looking at annual fines in the hundreds of thousands to over a million dollars.

Individuals violating mandates may bear the burden of fines up to $250,000 and imprisonment up to 10 years, if the offense is committed with intent to sell, transfer, or use individually identifiable information for commercial advantage, personal gain, or malicious harm.  HIPAA disclosure mandates do not include the right of citizens to sue providers.
Business Changes
It is clear that HIPAA heralds change.  Every information system that uses, collects, or transmits patient information is affected by HIPAA.   Even if you submit paper claims, you are required to maintain the provisions of privacy and security as indicated under Title II Administrative Simplification, so what actions need to be taken?
Exploration
Gather key employees for a team to evaluate your current business processes, so that you can determine how much adjustment is needed to comply with HIPAA. Give specific attention to:
  • how claims are submitted
  • how patient records are maintained and communicated
  • how patient consent and authorization forms are maintained
  • how referrals are given or received
  • how chain of trust is maintained
Education
Familiarize your staff with the HIPAA requirements.

If you use a vendor or clearinghouse for claim processing, ask them how they are preparing for HIPAA, and what their progress is to date.
Assessment
Target systems or processes that need adjustment to meet HIPAA requirements.

Prioritize each recognized need to construct an implementation plan.

Discuss proposed changes with consideration to budget and time parameters.
Action and Maintenance
Implement the changes. Evaluate how the changes have affected other systems or processes. Update policies and procedures. Communicate updates, changes, and potential complications with staff.
Timeline for HIPAA
Implementation is not an overnight job.  Furthermore, compliance must be achieved within two years of the final ruling.  In other words, the sooner action is taken, the better.  Some final rules have been established and the compliance countdown is underway.
 
Transactions and Codes Sets: Compliance required by October 16, 2002.
Privacy: Compliance required by April 14, 2003.
Security: final rule not established.
National Provider Identifier: final rule not established.
National Employee Identifier: final rule not established.
National Health Plan Identifier: final rule not established.
Claims attachment: final rule not established.
Enforcement: final rule not established.
National Individual Identifier: on hold