HIPAA UPDATES

HIPAA Frequently Asked Questions.

General HIPAA information

What is HIPAA?
HIPAA is the health industry acronym for the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 that was signed into law on August 21, 1996. The law is to amend the Internal Revenue Code of 1986 to achieve the following:
• improve access, portability and continuity of health insurance coverage in the group and individual markets;
• combat waste, fraud and abuse in health insurance and health care delivery;
• promote the use of medical savings accounts;
• improve access to long-term care services and coverage

The Administrative Simplification provisions of HIPAA give the Secretary of
Health and Human Services (HHS) authority to
• mandate standards for the electronic exchange of health care data.
• adopt standard medical code sets and national identifiers for health care patients, providers, payers (or plans), and employers (or sponsors).
• regulate the security and privacy of individually identifiable health information and
• set standards for legally enforceable signatures for use in electronic transactions.

What are the compliance dates for these upcoming HIPAA Administrative Simplification provisions?
The Transaction and Code Set Standards compliance date is October 16, 2002. Standards for Privacy of Individually Identifiable Health Information compliance date is April 14, 2003.
Final Security and Electronic Signature standards have not been published yet. Final national identifiers for health care patients, providers, payers (or plans), and employers (or sponsors) have not been published yet.

Transactions and Code Sets

What are the Transaction and Code Sets provisions of HIPAA? What is the required compliance date?
Under the regulations for electronic data interchange standards (a.k.a. Transactions & Code Sets), national standards for the data required in health related transactions have been established. These standards will enable more information to be sent and received electronically between providers, insurers and others in the health care industry. Some examples of changes are the use of standard claim data by all insurers and the assignment of national identification numbers for providers that will be used by all insurers to which a provider submits information.
Covered entities must use applicable HIPAA standard formats when conducting electronic transactions by October 16, 2002, (October 16, 2003, for entities that defer implementation under provisions of the Administrative Simplification Compliance Act which was signed into law December 2001).

What is ANSI?
The American National Standards Institute is an organization that accredits standards-setting committees, and monitors their compliance with their prescribed open rule-making process. HIPAA requires that adopted standards be developed by ANSI-accredited bodies whenever practical. Adopted Electronic Data Interchange (EDI) standards come from the following ANSI-accredited groups:
The National Council for Prescription Drug Programs (NCPDP) maintains standard formats for use by the retail pharmacy industry.
The Accredited Standards Committee X12 (ASC X12) defines standards for many American industries, including health care insurance. ASC X12 is comprised of several subcommittees, including the Insurance Subcommittee XI 2N.

What is an XI2N Implementation Guide?
An Implementation Guide is a document explaining the proper use of an EDI
standard for a specific business purpose. Several implementation guides authored by
XI2N have been adopted by reference into the HIPAA regulations.
Implementation guides are more specific than the underlying X12 standards on which they are based. HIPAA implementers must refer to them when planning their implementation.

Transaction Details

Are providers mandated to send claims ill an electronic format?
No, HIPAA does not prohibit paper claims.

Does HIPAA require providers to accept a remittance advice (835) transaction?
No. HIPAA does not require providers to accept an 835 transaction. They may continue to receive paper remittances.

Does HIPAA require health plans to offer Electronic Funds transfer to providers?
No, HIPAA does not require health plans to provide EFT.

Will HIPAA require paper as a follow-up to an electronic remittance advice via the
835?
HIPAA does not require a health plan to distribute both paper and electronic claim payment information.

More Information

Where can I find the HIPAA implementation guides?
The XI2N implementation guides can be downloaded free of charge from Washington Publishing Company's web site at http://www.wpc-edi.com/hipaa

Where do I go if I have additional questions regarding HIPAA Transaction and Code Sets or the X12 transactions?
We have found the following web sites to be helpful:
Questions about interpretation of the final rule on transactions and code sets HHS Administrative Simplification page
http://aspe.hhs.gov/admnsimp/

Questions about implementing the standards WBDI's Strategic National Implementation process (SNIP)
http://snip.wedi.org

HIPAA Privacy Compliance Program

How far along are you in your HIPAA Privacy compliance efforts?
Each of our business segments has completed their analyses of changes that need to be made to meet the requirements of the HIPAA Privacy Regulation as it relates to their respective internal and external business operations.

Will you be compliant with the HI PAA Privacy Regulations by the mandatory compliance date?
Overall implementation is on track for compliance by 4/14/2003.

Personal Health Information

Describe the ways in which you maintain and protect personal health information?
We limit access to personal health information to only those persons who need to know that information to provide our products or services. These persons are trained on the importance of safeguarding this information and must comply with our procedures and applicable law. We meet strict physical, electronic and procedural security standards to protect personal health information and maintain internal procedures to promote the integrity and accuracy of that information.

Do the HIPAA Privacy Regulations prohibit the use of Social Security Number as a member, participant or subscriber number?
The HIPAA Privacy Regulations do not prohibit the use of Social Security Number as a covered person, participant or subscriber number. However, under the HIPAA statute, a structure was created for standards in addition to privacy, including national identifiers for health care providers, employers, health plans and individuals for use in electronic transactions. The issue of developing an individual identifier for covered persons has been very controversial because of huge cost involved in moving to another standard, and no date has been set for HHS to issue proposed regulations in this area.

We will continue updating this page,so please come back again.