Friday May 09, 2008
BridgeFront - http://www.hipaarx.net & Regulatory Compliance Products - HOME
HIPAA's Effect On Providers - Hospitals, Clinics & Practices

All health care entities that process health-related data are required to comply with the U.S. Department of Health and Human Services' (HHS) Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA has led to sweeping changes to health care administration and information systems as health care organizations struggle to achieve cost-effective compliance by 2003.

HIPAA is designed to standardize the way all health care organizations electronically exchange sensitive patient data and to protect patients from unauthorized disclosure of their medical records (whether paper or electronic). 

HIPAA is a federal law, enacted as an amendment to the Internal Revenue Code of 1986, that is intended to:

  • Improve portability and continuity of health insurance.
  • Combat waste, fraud and abuse in health insurance and health care delivery.
  • Promote the use of medical savings accounts.
  • Improve access to long-term health care services and coverage.
  • Simplify the administration of health insurance.

The ultimate objective of HIPAA is to increase the efficiency and effectiveness of health information systems through improvements in electronic health care transactions as well as to maintain the security and privacy of individually identifiable health information.

These objectives help promote the modernization of health information systems. Industry analysts estimate the process of updating health information systems to be about three to four times more difficult than Y2K. Becoming HIPAA-compliant is more challenging because of extensive cross-departmental compliance and training requirements. Where Y2K centered on IT procedures and systems, HIPAA affects the entire organization. With Y2K, there was a stop date when IT professionals and organizations could determine if their compliance efforts were successful. HIPAA is an ongoing administration, privacy and security challenge that must be constantly addressed.

What It Means

Under HIPAA, there are specific standards that all health care organizations are required to adhere to. These standards include an Administrative Simplification Title that is aimed at preventing health care fraud and abuse. Within this title, there are several laws and proposed standards including:

  • Electronic Health Transactions Standards (45 CFR Parts 160 and 162; Final Rule; Compliance by October 2002; providers can apply for a 1 year extension).
  • Privacy & Confidentiality Standards (45 CFR Parts 160 and 164; Final Rule; Compliance by April 2003; 2004 for small health plans).
  • Unique Health Identifiers (45 CFR Parts 160 and 164; Proposed Rule; Expected Compliance by 2004).
  • Security & Electronic Signature Standards (45 CFR Part 142; Proposed Rule; Expected Compliance by 2004).

Who's Impacted?

HIPAA's standards directly apply to the following groups of health care entities:

  • Health Plans
      • Public and private payers
      • Health care insurers
      • HMOs
      • Medicare, Medicaid
      • Group health plans
  • Health Care Clearinghouses
      • Any entity that facilitates the processing of non-standard formatted health information and must convert the non-standard data into standard transactions, or vice versa.
  • Health Care Providers
      • Providers who transmit health information electronically.
      • Providers who receive individual health information.
      • Providers who electronically maintain health information used in electronic transmissions between entities.

Business Impact of HIPAA

HIPAA's reach is quite broad. It impacts all health plans, clearinghouses and providers who electronically store and transmit health information. It covers all individually identifiable health information that is transmitted electronically or on paper. Current administrative processes are complex, inefficient and costly. There is a great opportunity for HIPAA to help a covered entity drive down high administrative costs and realize efficiencies, while not adversely affecting the quality of patient care.

Conversely, non-compliance with HIPAA regulations may cause disruptions in an organization's day-to-day business processes, resulting in both tangible and intangible costs. The most serious implications of HIPAA non-compliance for health care organizations include the inability to effectively conduct electronic business and the potential of losing significant segments of business.

HIPAA's Impact on Business Processes

HIPAA has an enormous impact on the current business process. The requirements create new definitions for how information is processed, exchanged and protected. The following new procedures need to be developed in order to address medical practice operations:

Changes in business-to-business practices:

  • Interactions between payers, providers, employers, business partners.
  • New transaction types to be supported.
  • Staffing and workflow assessment and training.
  • Protection of physical facilities and operations.
  • New contracts and business partnerships.
  • Legal protections.
  • Written and enforced security policies & procedures.
  • Privacy policies.
  • Change management policies.
  • Patient/user information availability (up to six years).

Risk of Non-Compliance & Government Sanctions

Penalty for failure to comply with regulations:

  • Up to $100 per violation per person, up to a maximum of $25,000 per year.

Penalty for knowingly and wrongfully disclosing individually identifiable health information:

  • Up to $50,000 per violation or one year imprisonment or both for a simple offense.

  • Up to $100,000 per violation or five years imprisonment or both if the offense is "under false pretenses."

  • Up to $250,000 or ten years imprisonment or both if committed with intent to sell, transfer or use for commercial advantage, personal gain or malicious harm.

Civil Sanctions - The Real Risk

The government will not have the resources to send out armies of auditors to verify compliance. The real source of risk is from civil litigation. There are over a dozen different legal options that could be pursued if your practice and employees are not HIPAA compliant (from Breach of Confidentiality and Breach of Contract to Negligence and Fraud). If you think this couldn't happen to you because you're too small, you'd be wrong. All it takes is one complaint to the right legal counsel and you may find yourself in a very difficult and expensive situation.

Investing in training and other services required to bring your practice into compliance should be viewed as cheap insurance against an outcome that is improbable, but possible.


Call us today at 866-447-2211 or email info@hipaarx.net to see how we can help you navigate compliance.

HIPAA Solutions has developed a turn-key certification process.
HOW CAN WE HELP YOU?

HIPAA Solutions Rx
Toll Free 866-447-2211
Info@hipaarx.net
www.hipaarx.net