HIPAA Frequently Asked Questions (FAQs)

GENERAL

What is HIPAA?
What are the benefits of HIPAA?
How are standards in health care information helpful in improving health care?
Who is affected by HIPAA?
What does HIPAA mean for patients?
What does HIPAA mean for staff?
What are the boundaries on medical records and health information?
What does HIPAA require for the protection of health care data?
What is the impact of HIPAA on Information Technology?
What are the penalties for non-compliance and who can be held liable?
Where can I get the latest information on HIPAA?

PRIVACY

How will WRNMMC’s patients be affected by the Privacy regulation?
How are providers affected by the Privacy regulation?
What is considered PHI under HIPAA?
What is Individually Identifiable Health Information?

TRANSACTIONS AND CODE SETS

Why have national standards for electronic health care transactions been adopted and why are they required?
What health care transactions are required to use the standards under this regulation?
What are the benefits of HIPAA transactions?
What is a code set?

GENERAL

What is HIPAA?

HIPAA is The Health Insurance Portability & Accountability Act of 1996. It has four main goals:

  • To protect the insurability of workers and their families when they change or lose their jobs
  • To simplify health care administration
  • To protect the privacy and security of individual health information
  • To standardize electronic communications of patient health-related information

Specifically, the Administrative Simplification or Title II provision of HIPAA mandates regulations in four areas:

Although some of WRNMMC’s practices will change as a result of the HIPAA regulations, in many cases these new regulations contain provisions that were already required by state law or were already a part of professional practice.

What are the benefits of HIPAA?

HIPAA was designed to provide many benefits to the health care industry. Some of HIPAA’s immediate benefits include:

  • Reduces the administrative burden and cost for providers and payers
  • Standardizes many of the administrative tasks in the health care
  • Simplifies the exchange of information and reduces paperwork
  • Patients will have more rights over their own health information
  • Increases protection of personal health information
  • Protects from fraudulent billing practices
  • Provides a more complete picture of health care and improves quality
  • Reduces overall health care costs

How are standards in health care information helpful in improving health care?

HIPAA standards will improve the health care system, and ultimately, benefit patients. By standardizing the electronic transmission formats and data elements used in health care data exchange there will be new opportunities to:

  • Make health data information more portable, making it easier for information to follow patients from provider to provider
  • Integrate fragmented information about a patient that may be stored in incompatible formats
  • More accurately compare health care data over time and between providers to better evaluate the quality of care

Who is affected by HIPAA?

HIPAA affects health care providers, but also the majority of their vendors and business partners. Specifically, Covered Entities must comply with the HIPAA regulations and they are defined as:

Providers – Providers who exchange claims electronically, e.g., physicians, MTFs, dental clinics, pharmacies
Health plans – e.g., TRICARE
Clearinghouses – e.g., companies that perform electronic billing, claims repricing
Business Associates – e.g., managed care support contractors, vendors, consultants and others – Although not specifically Covered Entities, they are also impacted by the HIPAA regulations.

What does HIPAA mean for patients?

  • WRNMMC will ensure patient confidentiality is maintained through secure networks and ensure employees have authorized access to patient information
  • WRNMMC clergy may inquire about patients to provide assistance, as long as the patient has not asked that information concerning them not be released
  • WRNMMC will ask for patients’ permission in advance before releasing any protected health information (PHI) for any reason other than treatment, payment and health care operations

What does HIPAA mean for staff?

  • Staff must ensure that our desktop computer is secure when we are not using it or when we step away for any reason
  • Staff will only have access to a patient’s Protected Health Information (PHI) on a “need to know” basis (minimum necessary provision under the Privacy Rule)
  • We cannot discuss any patient information with someone who does not have a need to know
  • In disaster situations, when feasible, we can release PHI to other health care facilities if they are receiving patients from the same disaster

What are the boundaries on medical records and health information?

With few exceptions, such as appropriate law enforcement or public interest needs, patients’ PHI may only be used for treatment, payment and health care operations (TPO).

Health information covered by HIPAA generally may not be used for purposes not related to health care, such as:

  • Disclosures to employers to make personnel decisions
  • Disclosures to marketing agencies without explicit authorization from the patient

What does HIPAA require for the protection of health care data?

Security risk assessment, management, and mitigation in four categories:

Administrative Procedures and Physical Safeguards such as:

  • Password management
  • Virus protection on PCs
  • Clean desk awareness
  • Use of screensavers
  • Control access to departments
  • Lock PCs when you walk away
  • Maintain confidentiality of faxes, printouts, and reports
  • Lock bins, drawers and files
  • Restrict oral communication about patients/families to work areas and away from hallways, elevators and other public areas

Technical Security Services and Technical Security Mechanisms such as:

  • Unique user login ID
  • Access restriction
  • Data authentication to ensure data is not altered or destroyed with inappropriate access
  • Transmission security with external transmission of data
  • Entity ID verification

What is the impact of HIPAA on Information Technology?

Information Technology is a key enabler of the business process for most health care organizations, and, for the most part, this role will continue under HIPAA.

More than ever before, emphasis will be placed on IT for adherence to HIPAA regulations. IT may take on the role of "watchdog," the failsafe that ensures a certain level of compliance even if rote process is breached. In addition, some specific new responsibilities will fall on ITS. In particular:

  • The ITS department will assume by default the requirement of recording access to PHI.
  • ITS and Legal will interact more frequently as Legal works to ensure their requirements are sufficiently addressed.
  • WRNMMC will become acutely aware of the security of IT systems and software. Since HIPAA mandates the patient’s privacy and confidentiality, the security of IT systems will draw attention and become of paramount importance to everyone.

The media's portrayal of hackers may now come to patients' minds as they are "Mirandized" with the new security and privacy portion of the admissions process.

What are the penalties for non-compliance and who can be held liable?

For unintentional violation of the HIPAA regulations, the Department of Health & Human Services can levy:

A fine of $100 per violation and a maximum of $25,000 per year

For intentional violation of the HIPAA regulations, the Department of Justice can levy:

  • A fine up to $50,000 and 1 year of prison for knowingly obtaining or disclosing PHI
  • A fine up to $10,000 and 5 years if done under false pretenses
  • A fine up to $250,000 and 10 years if intent to sell, transfer, or use for commercial advantage, personal gain, or malicious harm

Penalties may apply to the individual violator but they may also apply to the organization or even to its officers.

Where can I get the latest information on HIPAA?

For the complete HIPAA regulations, visit the Department of Health and Human Services.

To learn more about HIPAA insurance reform or HIPAA administrative simplification, visit the Centers for Medicare & Medicaid Services (CMS).

To learn more about what the Navy and TMA are doing to comply with HIPAA requirements, visit the TMA HIPAA site.

The WorkGroup for Electronic Data Interchange provides information and white papers on Transactions, Security and Privacy.

Questions about HIPAA regulatory compliance (transactions, code sets, national identifiers, and security) can be directed to the Centers for Medicare & Medicaid Services (CMS) at 410-786-4232 (local) or 1-866-282-0659 (toll-free).

PRIVACY

How will WRNMMC’s patients be affected by the Privacy regulation?

The Privacy regulation supports WRNMMC's commitment to keep patient information confidential. New patient rights were created, which include accessing and amending health information as well as filing complaints about privacy issues.

The Notice of Privacy Practices (NPP) must include the following:

  • Uses and disclosures of Protected Health Information (PHI) for treatment, payment and health care operations (TPO)
  • Patients’ right to access, control and request restrictions on use
  • WRNMMC’s duties
  • Privacy complaints procedures
  • Privacy Officer contact information
  • Effective Date

How are providers affected by the Privacy regulation?

All providers, regardless of how Protected Health Information (PHI) is transmitted, are required to comply with the privacy regulation.

What is considered PHI under HIPAA?

The privacy regulations cover all Individually Identifiable Health Information that is transmitted or maintained on paper, in an electronic format, or in a verbal medium.

Examples of PHI elements are:

  • Names
  • Geographic locations smaller than a state
  • Birth date (except for the year)
  • Telephone or fax
  • Email address
  • Biometric identifiers
  • Social security number
  • Medical record # or account #
  • Photographs
  • License number/VINs
  • URLs/IP address
  • Health plan beneficiary number

What is Individually Identifiable Health Information?

  • Information that is created or received by a health care provider, health plan, employer, or health care clearinghouse, and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and
  • Can identify, or be used to identify, an individual.

TRANSACTIONS AND CODE SETS

Why have national standards for electronic health care transactions been adopted and why are they required?

Congress and the health care industry have agreed that standards for the electronic exchange of administrative and financial health care transactions are needed to improve the efficiency and effectiveness of the health care system. National standards for electronic health care transactions will encourage electronic commerce in the health care industry and ultimately simplify the processes involved. This will result in savings from the reduction in administrative burdens on health care providers and health plans.

Today, health care providers and health plans that conduct business electronically must use many different formats for electronic transactions. For example, about 400 different formats exist today for health care claims. With a national standard for electronic claims and other transactions, health care providers will be able to submit the same transaction to any health plan in the United States and the health plan must accept it. Health plans will be able to send standard electronic transactions such as remittance advices and referral authorizations to health care providers. These national standards will make electronic data interchange a viable and preferable alternative to paper processing for providers and health plans alike.

What health care transactions are required to use the standards under this regulation?

As required by HIPAA, DHHS is adopting standards for the following administrative and financial health care transactions:

  • Health claims and equivalent encounter information
  • Enrollment and disenrollment in a health plan
  • Eligibility for a health plan
  • Health care payment and remittance advice
  • Health plan premium payments
  • Health claim status
  • Referral certification and authorization
  • Coordination of benefits

Standards for the first report of injury and claims attachments (also required by HIPAA) will be adopted at a later date.

What are the benefits of HIPAA Transactions?

  • Reduce the cost of a typical paper transaction ($5-$15 per claim) to anywhere from $0.85 to $1.25 per electronic transaction
  • Reduce delays because of scanning and re-keying
  • Accelerate transaction delivery via secure networks
  • Eliminate costs for handling and storing paper documents
  • Create efficiencies with easier data sharing, record portability and automated business processes
  • Reduce errors in claims data entry; eliminating re-entry of the same data lowers administrative operating costs and increases staff productivity
  • Faster submission of claims results in quicker payments and reduced receivables, which improves cash forecasting and cash flow

What is a code set?

Codes to identify various diseases/injuries/impairments, inpatient and outpatient procedures, drugs/biologics, and medical supplies such as orthotics, prosthetics, durable medical equipment and dental services are included under HIPAA.

Contact

Location
Building 1, 2nd Floor, Room 2435

Phone
Main (301) 319-4775
Privacy Hot Line: (301) 319-8802
FOIA Hotline: (301) 295-8903

Hours of Operation
Monday thru Friday
0800 - 1600