RILEY DAVIS

HEALTH INSURANCE PORTABILITY AND

ACCOUNTABILITY ACT

HIP

AA

BRIEF HISTORY

• delivered in Congress in 1996• designed to protect health insurance coverage for

workers and their families while between jobs•  establishes standards for electronic health care

transactions• addresses the issues of privacy and security• in 1996 consisted of just Title I and II

TITLE I HEALTH CARE ACCESS, PORTABILITY, AND RENEWABILITY

• limits restrictions a group health plan can place on benefits for preexisting conditions

• regulates coverage and availability to groups and individuals

• eradicates hidden exclusion periods

TITLE IIPREVENTING HEALTH CARE FRAUD AND ABUSE; ADMINISTRATIVE

SIMPLIFICATION; MEDICAL LIABILITY REFORM

• defines health care related offenses• outlines consequences• civil and criminal penalties

• creates several programs to control fraud and abuse• demands the HHS create rules/regulations• use and advertising/sharing of PHI (Protected Health

Info.)• 5 “Rules”

PHI:

• Any information held about health status, provision of healthcare, payment of healthcare, that can be linked to any individual

• Any part of medical record or payment history

PRIVACY RULE

• Creates regulations for use/disclosure of PHI

• Holders must disclose PHI within 30 days upon request by individual

• Keep track of disclosures and document privacy policy and procedures

TRANSACTIONS AND CODE SETS RULE

• Regulates how medical providers submit health care claims

• Covers claiming injury and pharmaceuticals, as well as advice, enrollment and maintenance, eligibility/benefits, hoe claims are handled, and how/when notifications are sent out

SECURITY RULE

• Deals specifically with Electronic Protected Health Information (ePHI)• Organized into 3 safeguards• Identifies security standards

• Separates “required” and “addressable” standards• All required must be adopted

THREE SAFEGUARDS

1. Administrative Safeguard• Policies and procedures designed to lay out how

holders will comply with act

2. Physical Safeguard• Controlling physical access to ePHI

3. Technical Safeguard• Control access to computer systems• Safeguard standards against hacks/interception of

ePHI

NPI:

National Provider Identifier

• 10 digits (may be alphanumeric)

• Doesn’t mean anything other than an identity

• Unique, never re-used

• Holder can only have one

UNIQUE IDENTIFIERS RULE

• All PHI holders using electronic communication must use a single NPI

• NPI replaces all other identifiers

ENFORCEMENT RULE

• Defines civil penalties for violating HIPAA

• Establishes procedures for investigations and hearings

EFFECTS: RESEARCH

• Large decrease in patient follow up

• Harder to recruit patients for studies

• Information Consent Forms are required to go into copious amounts of detail on privacy

EFFECTS: ENGINEERING

CITATIONS

Armstrong D, Kline-Rogers E, Jani S, Goldman E, Fang J, Mukherjee D, Nallamothu B, Eagle K (2005). "Potential impact of the HIPAA privacy rule on data collection in a registry of patients with acute coronary syndrome". Arch Intern Med 165 (10): 1125–9. doi:10.1001/archinte.165.10.1125. PMID 15911725.

Francis, T. (2006). Spread of records stirs fears of privacy erosion. The Wall Street Journal

Grimes, S. (2001). When hipaa finally comes, will clinical engineering be ready?. The National Center for Biotechnology Information, Retrieved from http://www.ncbi.nlm.nih.gov/pubmed/11383309Title II:

Grimes, S. (2003). The future of clinical engineering: the challenge of change. Manuscript submitted for publication, University of Rhode Island, Kingston, Rhode Island. Retrieved from http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1195702&tag=1

HSS.gov. (n.d.). U.s. department of health & human services. Retrieved from http://www.hhs.gov/ocr/privacy/index.html

Tribble, D. (2001). The health insurance portability and accountability act: security and privacy requirements. American Journal of Health-System Pharmacy, 58(9), Retrieved from http://www.ajhp.org/cgi/content/abstract/58/9/763

QUESTIONS?