OVERVIEW



Weblinx's HIPAAsolve has been designed to provide healthcare organizations with easy to use tools and guides which help privacy officers, office managers, or designated officials through a step-by-step approach to meeting the various requirements without overwhelming the organization's resources.

If your organization is trying to train members of the workforce, in addition to the HIPAA project leader, you may want to consider our HIPAAsolve Compliance Services, which provide small-to-medium sized organizations, and physician offices, with a 'do-it yourself' training and implementation package. The HIPAAsolve toolkit includes all the resources necessary to train staff on HIPAA's impact within the workplace.

What is HIPAA?

President Clinton signed into law the Health Insurance Portability and Accountability Act (HIPAA) on August 21, 1996. The two chief sponsors of the law were Senators Kennedy and Kassebaum, and therefore HIPAA is also referred to as the Kennedy-Kassebaum Act. Do not be misled by the name; this new federal law (P.L. 104-191) applies to many health care market players, not just health plans and insurance companies. It is the most sweeping legislation to affect the health care industry in over thirty years.

HIPAA is comprised of two major legislative actions: Health Insurance Reform and Administrative Simplification. The Health Insurance Reform provisions have been in effect for some time and require implementation of certain practices by health plans and insurers regarding portability and continuity of health coverage. Administrative Simplification mandates standards for electronic data interchange (EDI) and code sets, seeks protections for the privacy and security of patient data and establishes uniform healthcare identifiers.

Early interpretation of the act was earlier focused on its intent of improving health insurance coverage for people who changed or lost their jobs. The health care industry is now recognizing other important ramifications of the act, one of the most significant being the Administrative Simplification provisions (Title II, Sub-title F). The chief intent of these provisions is to streamline, standardize and secure electronic data interchange (EDI) and to further protect the confidentiality of health care information transmitted through any medium.

Administrative Simplification

Administrative Simplification, the most applicable section to the healthcare information technology industry, is actually three sets of standards - Transactions and Code Sets, Privacy and Security. These standards were developed by the Department of Health and Human Services (DHHS) at the behest of Congress with the goals of simplifying the administration of health insurance claims and lower costs, giving patients more control and access to their medical information and protecting individually identifiable medical information from real or potential threats of disclosure or loss.

Every practice, regardless of size, has two years from the date of the Final Rules are published in the Federal Register to comply. And the clock is ticking. The Final Rules for Transactions and Code Sets were issued in fall of 2000, and the Privacy regulations took effect after a brief delay the following spring.

Impacted Organizations

There are two types of organizations impacted by HIPAA and associated standards.

The first organizations directly named in the legislation are called covered entities and include health plans, healthcare providers and healthcare information clearinghouses.

The second are organizations indirectly named under the legislation. These are organizations that have a business relationship with covered entities and become subject to the laws as a consequence of chain-of-trust partner agreements executed with those entities. Any company or individual providing outsourced services to a covered entity that may involve the electronic transmission of individual data should expect to have to execute a chain-of-trust agreement and to comply with HIPAA provisions. This second group includes law firms, insurance companies, test labs and potentially employers.