Health Insurance Portability and Accountability Act

From LIMSWiki
Revision as of 18:04, 11 February 2015 by Shawndouglas (talk | contribs) (Modifying. Saving and modifying more.)
Jump to navigationJump to search

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. Its intended purpose was "to improve portability and continuity of health insurance coverage in the group and individual markets; to combat waste, fraud, and abuse in health insurance and health care delivery; to promote the use of medical savings accounts; to improve access to long-term care services and coverage; [and] to simplify the administration of health insurance."[1]

History

Structure

HIPAA is divided into five titles:

Title I: Health Care Access, Portability, and Renewability

Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform

Title III: Tax-Related Health Provisions

Title IV: Application and Enforcement of Group Health Plan Requirements

Title V: Revenue Offsets

Description

Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs.

Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.[2] Title II also addresses the security and privacy of health data, with the intend of improving the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system.

Enforcement

On February 16, 2006, HHS issued the Final Rule regarding HIPAA enforcement. It became effective on March 16, 2006. The Enforcement Rule set civil money penalties for violating HIPAA rules and established procedures for investigations and hearings for HIPAA violations. Before the enforcement rule, the deterrent effects of the legislation seemed negligible, with few prosecutions for violations.[3] Enforcement operations were ratcheted up further with the passage of the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009, which greatly increased the financial penalties that could be applied to entities in non-compliance.[4]

By the end of 2014, the U.S. Department of Health and Human Resources (HHS) reported investigating 106,522 HIPAA complaints against national pharmacy chains, major health care centers, insurance groups, hospital chains and other small providers since April 2003. The HHS reported 23,314 of those cases had been resolved by requiring changes in privacy practice or by corrective action. 10,566 cases were investigated and found that HIPAA was followed correctly. Another 68,412 cases were found to be ineligible for enforcement because, for example, a violation occurred before HIPAA became effective, a case was withdrawn by the pursuer, or an activity did not actually violate the rules.[5]

According to the HHS, the most commonly investigated compliance issue, by order of frequency, have been[5]:

  1. incorrectly used or revealed protected health information (PHI);
  2. insufficient protection mechanisms for PHI;
  3. insufficient mechanisms for patients to access their PHI;
  4. insufficient administrative protections and tools for managing electronic PHI; and
  5. usage and disclosure of more PHI than minimally necessary.

The HHS also stated the entities most likely to be responsible for infractions, by order of frequency, have been[5]:

  1. private practices;
  2. general hospitals;
  3. outpatient facilities;
  4. pharmacies; and
  5. health plans (group health plans and health insurance issuers).

Impact

The enactment of HIPAA caused major changes in the way physicians and medical centers operate. The complex legalities and potentially stiff penalties associated with HIPAA, as well as the increase in paperwork and the cost of its implementation, were causes for concern among physicians and medical centers. Many of those concerns were expressed in an August 2006 paper published in the journal Annals of Internal Medicine.[6] It mentions a University of Michigan study that demonstrated how the implementation of the HIPAA Privacy rule resulted in a drop from 96 percent to 34 percent in the proportion of follow-up surveys completed by study patients being followed after a heart attack.Cite error: Closing </ref> missing for <ref> tag

Audit guidelines and checklist

For those auditing computer systems and IT environments for their compliance with the Health Insurance Portability and Accountability Act and other regulations, a set of guidelines and checklist items may be useful.

Click the link above for the full set of guidelines and checklist items as they relate to HIPAA.

Further reading


References

  1. "Public Law 104 - 191 - Health Insurance Portability and Accountability Act of 1996". U.S. Government Publishing Office. http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/content-detail.html. Retrieved 11 February 2015. 
  2. "Overview HIPAA - General Information". Centers for Medicare and Medicaid Services. http://www.cms.gov/HIPAAGenInfo/. Retrieved 28 February 2012. 
  3. Stein, Rob (5 June 2006). "Medical Privacy Law Nets No Fines". The Washington Post. http://www.washingtonpost.com/wp-dyn/content/article/2006/06/04/AR2006060400672.html. Retrieved 28 February 2012. 
  4. Solove, Daniel J. (April 2013). "HIPAA Turns 10: Analyzing the Past, Present and Future Impact". Journal of AHIMA 84 (4): 22–28. http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_050149.hcsp?dDocName=bok1_050149. Retrieved 11 February 2015. 
  5. 5.0 5.1 5.2 "Enforcement Highlights". U.S. Department of Health and Human Services. 15 January 2015. Archived from the original on 11 February 2015. https://web.archive.org/web/20150211170207/http://www.hhs.gov/ocr/privacy/hipaa/enforcement/highlights/index.html. Retrieved 11 February 2015. 
  6. Wilson, Jennifer Fisher (2006). "Health Insurance Portability and Accountability Act Privacy Rule Causes Ongoing Concerns among Clinicians and Researchers". Annals of Internal Medicine 145 (4): 313–6. doi:10.7326/0003-4819-145-4-200608150-00019. PMID 16908928.