Health Insurance Portability and Accountability Act (HIPAA)
On Jan. 1, 2003, the Oklahoma Health Care Authority (OHCA) launched a new Medicaid Management Information System (MMIS). Along with the new system, OHCA included the Health Insurance Portability and Accountability Act (HIPAA) Transaction Set Standards.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a law that affects the entire health care industry. This legislation mandates that several of the major health care electronic data exchanges, such as electronic claims and remittance advices, be standardized into the same national format for all payers, providers and clearinghouses. All providers who submit claims electronically to Medicaid began using the HIPAA formats in mid-December 2002.
HIPAA was enacted for several purposes, including:
- Administrative Simplification
- Improved portability and continuity of health insurance coverage
- Increased access to long-term care services and coverage
- Prevention of waste and abuse in health insurance and health care delivery
- Promotion of medical savings accounts
While the health care industry has had to address the other areas of HIPAA, the most impact, both in benefit and cost, will be the Administrative Simplification section of the law.
The Administrative Simplification portion requires the secretary of the Department of Health and Human Services (DHHS) to adopt standards for health care electronic transactions, data elements for those transactions, unique identifiers for many of the health care stakeholders, security and electronic signatures and privacy and confidentiality rules.
In August 2000, DHHS published rules for standard health care electronic transactions in a draft addenda. At that time, the implementation deadline was October 16, 2002. In December 2001, the deadline was extended to October 16, 2003. The final addenda for the transaction standards were approved in February 2003 and required changes to the new MMIS. OHCA recommended that submitters should retest all transactions to insure compliance.
The following is a list of transactions affected by these rules:
- Claims – institutional (e.g. hospitals), professional (e.g. doctors), dental
- Claims status inquiry and response
- Coordination of benefits
- Eligibility inquiry and response
- Enrollment/disenrollment in a health plan (Medicare and Medicaid are considered a health plan)
- Health plan premium payments
- Payment and remittance advice
- Referral certification and authorization
As well as standardization of the electronic data formats, HIPAA Administrative Simplification standardizes the "codes" in the health care transactions. Proprietary or locally established codes are not acceptable under the HIPAA rules.
Privacy of Individually Identifiable Health Information
OHCA continually addresses the requirements of the HIPAA privacy rules. It is important for providers to look at these rules and determine how they apply to their current practices. These rules can be accessed at DHHS's website. Providers may also want to contact their provider associations and accreditation organizations to find out more about the impact of the privacy rules on their practices and/or organization.
DHHS's final rules on Privacy of Individually Identifiable Health Information were implemented in April, 2003. This established standards for the industry in the protection of individual privacy and confidentiality of health care information. Key elements of the rules include:
- Patient's consent is required for disclosure of health care information. Consent must include patient's receipt of detailed written information about their privacy rights and purpose of the release of information.
- Protection of privacy includes electronic records, paper records and oral communication.
- Providers are given discretion in determining what information to provide for treatment purposes.
- Unauthorized use of individual health information is prohibited.
DHHS is expected to publish additional rules that will further implement the requirements of Administrative Simplification. Those rules include:
- Additional Transactions
- National Identifiers
- Security and Electronic Signature Standards
For more information on HIPAA and Administrative Simplification, please refer to the following websites: