Behavioral Health Behavioral Health	John P. Murtha Cancer Center Cancer Center Breast Center Clinical Trials Gynecologic Oncology Hematology Oncology Orthopaedic Oncology	Pediatric Oncology Prostate Center Patient & Family Support Radiation Oncology Surgical Oncology	Dentistry Dentistry Hospital Dentistry Pentagon Dental Clinic Primary Care Dentistry	Emergency Medicine Emergency Medicine
Eye Care Ophthalmology Optometry	Inpatient Services Mother Infant Care Center Neonatal Intensive Care Unit	Medical Home Internal Medicine/ Medical Home Laboratory Services	Medicine Medicine Allergy, Immunology, & Immunizations Cardiology Dermatology Endocrinology, Diabetes, & Metabolism Executive Medicine	Gastroenterology Hematology - Oncology Infectious Diseases Nephrology Neurology Pulmonary Rheumatology Sleep Clinic
Obstetrics/Gynecology Obstetrics/Gynecology Gynecology Obstetrics Prenatal Assessment Center	Orthopaedics & Rehabilitation Orthopaedics & Rehabilitation Amputee Care Chiropractic Clinic Occupational Therapy	Orthopaedic Surgery Physical Therapy Prosthetics & Orthotics Traumatic Brain Injury	Pediatrics/Adolescents Pediatrics/Adolescents Adolescent Medicine Armed Forces Center for Child Protection Children's Subspecialty	Exceptional Family Member Program Neonatology Pediatric Hematology-Oncology Pediatric Primary Care
Pharmacy Pharmacy FAQs Pharmacy Refill (Army) Pharmacy Refill (Navy) Poison Prevention	Radiology 3-D Medical Applications Center (3DMAC) Breast Imaging Diagnostic Radiology Nuclear Medicine Radiation Oncology	Readiness Readiness Active Duty Medical/ Dental Records Medical Readiness Operational/Deployment Health Service	Surgery Surgery Anesthesia Audiology & Speech Cardiothoracic Surgery General Surgery Neurosurgery Oral Maxillofacial Surgery	Otolaryngology Plastic Surgery Transplant Surgery Trauma/Acute Care Surgery Urology Vascular Surgery

Patients &
Visitors

Patients

Appointments

Healthcare Resolutions

HIPAA

Patient Relations

Patient Rights

Patient Support

Patient Visiting Hours

Pharmacy

TriCare

Visitors/Staff

Dining

Directions & Transportation

Child Development Center

Command Duty Office

Lodging

Morale, Welfare & Recreation

Parking

Pastoral Care

Navy Personnel Support Activity Detachment

Security

Tenant Commands

Business

Acquisition Management

Equipment Management

Staff Judge Advocate

Supply Chain Management

Careers

Civilians

Graduate Medical Education

Military

Naval Postgraduate Dental School

Nursing

Volunteer

Research &
Education

Education

Graduate Medical Education

Naval Postgraduate Dental School

Research

3D Medical Applications Center

Research Programs

HIPAA

All Site Content

HIPAA > FAQs

HIPAA Frequently Asked Questions (FAQs)

GENERAL

What is HIPAA?
What are the benefits of HIPAA?
How are standards in health care information helpful in improving health care?
Who is affected by HIPAA?
What does HIPAA mean for patients?
What does HIPAA mean for staff?
What are the boundaries on medical records and health information?
What does HIPAA require for the protection of health care data?
What is the impact of HIPAA on Information Technology?
What are the penalties for non-compliance and who can be held liable?
Where can I get the latest information on HIPAA?

PRIVACY

How will WRNMMC’s patients be affected by the Privacy regulation?
How are providers affected by the Privacy regulation?
What is considered PHI under HIPAA?
What is Individually Identifiable Health Information?

TRANSACTIONS AND CODE SETS

Why have national standards for electronic health care transactions been adopted and why are they required?
What health care transactions are required to use the standards under this regulation?
What are the benefits of HIPAA transactions?
What is a code set?

GENERAL

What is HIPAA?

HIPAA is The Health Insurance Portability & Accountability Act of 1996. It has four main goals:

To protect the insurability of workers and their families when they change or lose their jobs
To simplify health care administration
To protect the privacy and security of individual health information
To standardize electronic communications of patient health-related information

Specifically, the Administrative Simplification or Title II provision of HIPAA mandates regulations in four areas:

Although some of WRNMMC’s practices will change as a result of the HIPAA regulations, in many cases these new regulations contain provisions that were already required by state law or were already a part of professional practice.

TOP

What are the benefits of HIPAA?

HIPAA was designed to provide many benefits to the health care industry. Some of HIPAA’s immediate benefits include:

Reduces the administrative burden and cost for providers and payers
Standardizes many of the administrative tasks in the health care
Simplifies the exchange of information and reduces paperwork
Patients will have more rights over their own health information
Increases protection of personal health information
Protects from fraudulent billing practices
Provides a more complete picture of health care and improves quality
Reduces overall health care costs

TOP

How are standards in health care information helpful in improving health care?

HIPAA standards will improve the health care system, and ultimately, benefit patients. By standardizing the electronic transmission formats and data elements used in health care data exchange there will be new opportunities to:

Make health data information more portable, making it easier for information to follow patients from provider to provider
Integrate fragmented information about a patient that may be stored in incompatible formats
More accurately compare health care data over time and between providers to better evaluate the quality of care

TOP

Who is affected by HIPAA?

HIPAA affects health care providers, but also the majority of their vendors and business partners. Specifically, Covered Entities must comply with the HIPAA regulations and they are defined as:

Providers – Providers who exchange claims electronically, e.g., physicians, MTFs, dental clinics, pharmacies
Health plans – e.g., TRICARE
Clearinghouses – e.g., companies that perform electronic billing, claims repricing
Business Associates – e.g., managed care support contractors, vendors, consultants and others – Although not specifically Covered Entities, they are also impacted by the HIPAA regulations.

TOP

What does HIPAA mean for patients?

WRNMMC will ensure patient confidentiality is maintained through secure networks and ensure employees have authorized access to patient information
WRNMMC clergy may inquire about patients to provide assistance, as long as the patient has not expressed that information concerning them not be released
WRNMMC will ask for patients’ permission in advance before releasing any protected health information (PHI) for any reason other than treatment, payment and health care operations

TOP

What does HIPAA mean for staff?

Staff must ensure that our desktop computer is secure when we are not using it or when we step away for any reason
Staff will only have access to a patient’s Protected Health Information (PHI) on a “need to know” basis (minimum necessary provision under the Privacy Rule)
We cannot discuss any patient information with someone who does not have a need to know
In disaster situations, when feasible, we can release PHI to other health care facilities if they are receiving patients from the same disaster

TOP

What are the boundaries on medical records and health information?

With few exceptions, such as appropriate law enforcement or public interest needs, patients’ PHI may only be used for treatment, payment and health care operations (TPO).

Health information covered by HIPAA generally may not be used for purposes not related to health care, such as:

Disclosures to employers to make personnel decisions
Disclosures to marketing agencies without explicit authorization from the patient

TOP

What does HIPAA require for the protection of health care data?

Security risk assessment, management, mitigation in four categories:

Administrative Procedures and Physical Safeguards such as:

Password management
Virus protection on PCs
Clean desk awareness
Use of screensavers
Control access to departments
Lock PCs when you walk away
Maintain confidentiality of faxes, printouts, and reports
Lock bins, drawers and files
Restrict oral communication about patients/families to work areas and away from hallways, elevators and other public areas

Technical Security Services and Technical Security Mechanisms such as:

Unique user login ID
Access restriction
Data authentication to ensure data is not altered or destroyed with inappropriate access
Transmission security with external transmission of data
Entity ID verification

TOP

What is the impact of HIPAA on Information Technology?

Information Technology is a key enabler of the business process for most health care organizations, and, for the most part, this role will continue under HIPAA.

More true now than ever before, emphasis will be placed on IT for adherence to HIPAA regulations. IT may get the role of "watchdog," the failsafe that ensures a certain level of compliance, even if rote process is breached. In addition, some specific new responsibilities will fall on ITS. In particular:

The ITS department will assume by default the requirement of recording access to PHI.
ITS and Legal will interact more frequently as Legal works to ensure their requirements are sufficiently addressed.
WRNMMC will become acutely aware of the security of IT systems and software. Since HIPAA mandates the patient’s privacy and confidentiality, the security of IT systems will draw the attention and become of paramount importance to everyone.

The media's portrayal of Hackers may now alight upon the patient recollection as they are "Mirandized" with the new security and privacy portion of the admissions process.

TOP

What are the penalties for non-compliance and who can be held liable?

For unintentional violation of the HIPAA regulations, the Department of Health & Human Services can levy:

A fine of $100 per violation and a maximum of $25,000 per year

For intentional violation of the HIPAA regulations, the Department of Justice can levy:

A fine up to $50,000 and 1 year of prison for knowingly obtaining or disclosing PHI
A fine up to $10,000 and 5 years if done under false pretenses
A fine up to $250,000 and 10 years if intent to sell, transfer, or use for commercial advantage, personal gain, or malicious harm

Penalties may apply to the individual violator but they may also apply to the organization or even to its officers.

TOP

Where can I get the latest information on HIPAA?

For the complete HIPAA regulations, visit the Department of Health and Human Services.

To learn more about HIPAA insurance reform or HIPAA administrative simplification, visit Center for Medicare & Medicaid Services (CMS).

To learn more about what the Navy and TMA is doing to comply with HIPAA requirements, visit the TMA HIPAA site.

The WorkGroup for Electronic Data Interchange provides information and white papers on Transactions, Security and Privacy.

Questions about HIPAA regulatory compliance (transactions, code sets, national identifiers, and security) can be directed to the Centers for Medicare and Medicaid (CMS) at 410-786-4232 (local) or 1-866-282-0659 (toll-free).

TOP

PRIVACY

How will WRNMMC’s patients be affected by the Privacy regulation?

The Privacy regulation supports WRNMMC's commitment to keep patient information confidential. New patient rights were created, which include accessing and amending health information as well as filing complaints about privacy issues.

The NPP must include the following:

Uses and disclosures of Protected Health Information (PHI) for treatment, payment and health care operations (TPO)
Patients right to access, control and request restrictions on use
WRNMMC’s duties
Privacy complaints procedures
Privacy Officer contact information
Effective Date

TOP

How are providers affected by the Privacy regulation?

All providers, regardless of how Protected Health Information (PHI) is transmitted, are required to comply with the privacy regulation.

TOP

What is considered PHI under HIPAA?

The privacy regulations cover all Individually Identifiable Health Information that is transmitted or maintained on paper, in an electronic format, or in a verbal medium.

Examples of PHI elements are:

Names
Geographic locations smaller than a state
Birth date (except for a year)
Telephone or fax
Email address
Biometric identifiers
Social security number
Medical record # or account #
Photographs
License number/VINs
URLs/IP address
Health plan beneficiary number

TOP

What is Individually Identifiable Health Information?

Information that is created or received by a health care provider, health plan, employer, or health care clearinghouse, and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past present or future payment for the provision of health care to an individual; and
Can identify, or be used to identify, an individual.

TOP

TRANSACTIONS AND CODE SETS

Why have national standards for electronic health care transactions been adopted and why are they required?

Congress and the health care industry have agreed that standards for the electronic exchange of administrative and financial health care transactions are needed to improve the efficiency and effectiveness of the health care system. National standards for electronic health care transactions will encourage electronic commerce in the health care industry and ultimately simplify the processes involved. This will result in savings from the reduction in administrative burdens on health care providers and health plans.

Today, health care providers and health plans that conduct business electronically must use many different formats for electronic transactions. For example, about 400 different formats exist today for health care claims. With a national standard for electronic claims and other transactions, health care providers will be able to submit the same transaction to any health plan in the United States and the health plan must accept it. Health plans will be able to send standard electronic transactions such as remittance advices and referral authorizations to health care providers. These national standards will make electronic data interchange a viable and preferable alternative to paper processing for providers and health plans alike.

TOP

What health care transactions are required to use the standards under this regulation?

As required by HIPAA, DHHS is adopting standards for the following administrative and financial health care transactions:

Health claims and equivalent encounter information
Enrollment and disenrollment in a health plan
Eligibility for a health plan
Health care payment and remittance advice
Health plan premium payments
Health claim status
Referral certification and authorization
Coordination of benefits

Standards for the first report of injury and claims attachments (also required by HIPAA) will be adopted at a later date.

TOP

What are the benefits of HIPAA Transactions?

Reduce the cost of a typical paper transaction ($5-$15 per claim) to anywhere from $0.85 to $1.25 per electronic transaction
Reduce delays because of scanning and re-keying
Accelerate transaction delivery via secure networks
Eliminate costs for handling and storing paper documents
Create efficiencies with easier data sharing, record portability and automated business processes
Reduce errors in claims data entry and the elimination of re-entry of the same data lowers administrative operating costs and increases staff productivity
Faster submission of claims results in quicker payments and reduced receivables which improves cash forecasting and cash flow

TOP

What is a code set?

Codes to identify various diseases/injuries/impairments, inpatient and outpatient procedures, drugs/biologics, and medical supplies such as orthotics, prosthetics, durable medical equipment and dental services are included under HIPAA.

TOP

	Home \| About Us \| FAQs \| Contact Us \| Site Map
	Privacy and Security Notice \| FOIA Service Center \| Accessibility Statement \| Web Policy \| External Link Disclaimer
	Walter Reed National Military Medical Center 8901 Wisconsin Avenue \| Bethesda, MD 20889-5600 1-800-526-7101 \| (301) 295-4000

HIPAA

Contact