|
April 2004, Vol. 13, No. 4 | Return to Table of Contents
What's all the Hype about HIPAA?
Chances are you have heard the term HIPAA - but do you know what the acronym stands for? Do you know its purpose?
HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996.
HIPAA's original intent was to insure "portability" of health insurance coverage when individuals were changing jobs. However, as legislative negotiations continued, the scope of the Act grew to include a variety of rules and standards concerning electronic transactions, security, and privacy.
HIPAA's Transaction Rules mandate the use of Electronic Data Interchange (EDI) standards within the health industry. EDI allows computers to automatically exchange (without human intervention) data about individuals. HIPAA regulates and prohibits the use or disclosure of all individually identifiable "Protected Health Information" (PHI) transmitted or maintained by a health plan or health care provider without the authorization of the individual (unless specifically required or allowed by the privacy regulation). PHI is data that identifies the information to a specific individual or provides a description of the specific individual's health.
HIPAA's Privacy Rules basically ensure that patients" medical records remain private and confidential, and are only released under certain circumstances with the patient's consent (unless specifically required or allowed by the privacy regulation). The Privacy rules are a logical consequence of the transaction rules. While originally covering only electronic information, the final privacy rules expanded their protection to all PHI (including paper and fax) used by a health care provider or health plan.
What does HIPAA mean for you as a consumer of health care?
You'll receive formal privacy notices from each health care provider you access "physicians, therapists, pharmacies, counselors, ambulance services, emergency room services, etc."as well as your health insurance carriers. All are required to educate consumers about their rights and recourse for violations. In addition, you can be assured that providing notice of your rights is just the tip of the iceberg. Each health plan/provider has had to overhaul their organization and implement new processes in service delivery and record maintenance/access to ensure the ultimate goal of HIPAA is reached: maintaining the confidentiality of PHI.
What does HIPAA mean for the MBL?
As a plan sponsor, the MBL is responsible for ensuring that its health plan vendorsBlue Cross Blue Shield of Massachusetts and Delta Dental Plan of Massachusetts'comply with the requirements of HIPAA. We have written Business Associate Agreements on file from each health plan provider indicating their commitment to, and documenting their fulfilled obligation to HIPAA terms. Any data that is shared in any format"written, electronic or verbal -between the MBL and its health plan vendors is NEVER individually identifiable. Trust that no one at the MBL has access to any confidential medical records or personal health or claims information relating to its employees.
HIPAA is serious business and will not be going away. Look forward to changes and clarifications in the future that further restrict who has access to what information, all in the name of providing control and protection to consumers of health care.
|