Texas Medical Systems
Company Solutions Support Training Spacer
 

>

Clearinghouse

>

HIPAA

>

Code Sets

>

Unique Identifiers

>

Privacy Rule

>

Security Rule

>

Administrative

>

Links

>

Hardware

>

Home


HIPAA

OVERVIEW

HIPAA is the acronym for The Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), formerly the Kennedy-Kassenbaum Bill. Signed into law by President Clinton, this legislation was designed to incrementally reform healthcare in the United States. HIPAA is best known as the law that provides individuals and their families continued health insurance coverage after leaving, or losing, a job. However, HIPAA has evolved into a wide-reaching mandate geared toward assuring the privacy and security of individually identifiable healthcare information and standardizing electronic healthcare transactions. The primary objective of HIPAA is the overall reduction of healthcare expenditures.

The HIPAA regulations apply to all healthcare organizations that maintain or transmit health information electronically. This includes all healthcare providers, from integrated delivery systems to private physician practices, healthcare clearinghouses and health plans, collectively referred to as covered entities. Compliance with the HIPAA regulations is not a one-time event but an on-going process that requires continued monitoring and updating. Non-compliance can lead to substantial criminal and civil penalties, which range from $100 per violation up to a maximum of $25,000 for a single violation. Fines can range up to $250,000 and 10 years in prison for wrongful disclosure with intent to sell information. Additionally, credentialing authorities, such as the Joint Commission on the Accreditation of Healthcare Organizations (JCAHO) and the National Commission on Quality Assurance (NCQA), are evaluating means of integrating the HIPAA mandates into their evaluation processes.

It is critical to recognize that HIPAA is not an information technology issue, but a management issue for all covered entities. There are legal, regulatory, process, security and technology aspects to each rule. Therefore, it would be unwise to believe the installation of information systems, singularly, would achieve HIPAA compliance. Covered entities must analyze their processes and policies relative to the regulations via a detailed gap analysis. Only after identifying operational strengths and weaknesses can an optimal compliance plan specific to the entity be constructed and implemented.

The Administrative Simplification portion of the HIPAA law presents covered entities with uncertainties and will require activities that are anticipated to equal, or surpass, those of Y2K. Administrative Simplification falls into the following four broad sections:

Three of these categories, EDI Transactions and Code Sets, Unique Identifiers and Privacy, have been approved by the Department of Health and Human Services (DHHS) Secretary and have established compliance dates.

 

Home | Company | Solutions | Support | Training | Contact Us | Site Map

Copyright 2006 — Texas Medical Systems Inc.