| In
an effort to improve the efficiency and effectiveness of health
care, in August 1996 the Health Insurance Portability and
Accountability Act (HIPAA) was enacted into law. Key provisions
of the law require providers, health care clearinghouses and
health plans to adopt national standards for electronic health
care transactions. The purpose is to streamline and provide
uniform electronic filing and processing of health insurance
claims. This should make claims filing easier, save money,
and provide better service for patients, providers, hospitals,
and health plans.
HIPAA
also requires a federal floor of privacy and security protections
for personal health information. The privacy rule governs
the use and disclosure of an individual’s protected
health information and generally places limits on how the
information is shared and with whom.
The
Department of Health and Human Services (HHS) has issued or
is developing the following major regulations addressing the
privacy and administrative simplification provisions of HIPAA.
Electronic
Transaction Standards
In August 2000, HHS issued final electronic transaction standards
to reduce paperwork and speed the processing and payment of
health care claims. The new standards establish standard data
content, codes and formats for submitting electronic claims
and other administrative health care transactions. All health
plans are required to accept these standard electronic claims.
Compliance was required as of October 16, 2002, unless a covered
entity filed a compliance plan and applied for a one-year
extension on or before October 15, 2002.
Privacy
In December 2000, HHS issued a final rule to protect the confidentiality
of medical records and other personal health information.
The rule limits the use and release of individually identifiable
health information and provides increased patient access and
control over their medical records. Practices must comply
with the privacy rule provisions by April 14, 2003.
Security
Standards
The Security Rule focuses on requirements for covered entities
to protect and safeguard the confidentiality of medical information.
This rule addresses the transmission, storage and receipt
of data. Compliance will be required by April 20, 2005.
Employer
Identifier
In May 2002, HHS issued a final rule to standardize the identifying
numbers assigned to employers in the health care industry
by using the existing Employer Identification Number (EIN).
Currently, health plans and providers may use different ID
numbers for a single employer in their transactions. Covered
entities must comply with the EIN standard by July 30, 2004.
Other
Rules in Development
HHS is currently developing additional HIPAA administrative
simplification standards, including proposed regulations for
national identifiers for health care providers and health
plans. HHS is also drafting regulations governing enforcement
of all HIPAA standards.
National
Provider Identifier
In May 1998, HHS proposed standards to require hospitals,
doctors, nursing homes, and other health care providers to
obtain a unique identifier when filing electronic claims with
public and private insurance programs. Currently, health care
providers are assigned different ID numbers by each private
health plan, hospital, nursing home, etc.
National
Health Plan Identifier
HHS plans to create a unique identifier for health plans,
making it easier for health care providers to conduct transactions
with different health plans. | 
