HIPAA On The IT Organization: A Case Study
Effect of Titles and Subtitles of HIPAA on the IT Organization
Tina Cunningham
HCIS/420
08/12/2014
Effect of Titles and Subtitles of HIPAA on the IT Organization
For my second internship meeting the CEO needs help with briefing the chief marketing officer on the effects that (HIPPA) have on the IT field involving health care. The chief marketing officer is coming from the retail industry so I will need to explain to him the important parts of the IT department that involves the health care industry.
“The Health Insurance Portability and Accountability Act “(health.state.tn.us/hipaa/ )is “HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for …show more content…
people to keep health insurance, protect the confidentiality and security of healthcare information ad help the healthcare industry control administrative costs.”( health.state.tn.us/hipaa/)
HIPPA is used in all medical facilities to protect patients’ rights, it is extremely important that the medical facility follows the rules that HIPPA has put in place. HIPPA is used for patients’ rights and safety concerning their medical and personal information. A medical facility must follow the rules and guidelines that HIPPA has put in place to do just this for their patients.
HIPPA is a strong privacy protections that is critical in maintaining individuals’ trust in their health care providers and to obtain needed health care services, and these protections are especially important where very sensitive information is concerned.
HIPPA is very important in the IT part of health care industry, there are several entitles involved in IT and HIPPA.
HIPPA Title 11 Subtitle F consists of Administrative Simplification
Administration simplification purpose is the” purpose of this subtitle to improve the Medicare program under title XVIII of the Social Security Act, the Medicaid program under title XIX of such Act, and the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information.”(http://aspe.hhs.gov/admnsimp/pl104191.htm)
The requirements for the HIPPA administration simplification consist of “"SEC. 1175. (a) CONDUCT OF TRANSACTIONS BY PLANS.--
"(1) IN GENERAL.--If a person desires to conduct a transaction referred to in section 1173(a)(1) with a health plan as a standard transaction--
"(A) the health plan may not refuse to conduct such transaction as a standard transaction;
"(B) the insurance plan may not delay such transaction, or otherwise adversely affect, or attempt to adversely affect, the person or the transaction on the ground that the transaction is a standard transaction; and
"(C) The information transmitted and received in connection with the transaction shall be in the form of standard data elements of health information.
"(2) SATISFACTION OF REQUIREMENTS.--A health plan may satisfy the requirements under paragraph (1) by--
"(A) directly transmitting and receiving standard data elements of health information; or
"(B) Submitting nonstandard data elements to a health care clearinghouse for processing into standard data elements and transmission by the health care clearinghouse, and receiving standard data elements through the health care clearinghouse.
"(3) TIMETABLE FOR COMPLIANCE.--Paragraph (1) shall not be construed to require a health plan to comply with any standard, implementation specification, or modification to a standard or specification adopted or established by the Secretary under sections 1172 through 1174 at any time prior to the date on which the plan is required to comply with the standard or specification under subsection (b).
"(b) COMPLIANCE WITH STANDARDS.--
"(1) INITIAL COMPLIANCE.--
"(A) IN GENERAL.--Not later than 24 months after the date on which an initial standard or implementation specification is adopted or established under sections 1172 and 1173, each person to whom the standard or implementation specification applies shall comply with the standard or specification.
"(B) SPECIAL RULE FOR SMALL HEALTH PLANS.--In the case of a small health plan, paragraph (1) shall be applied by substituting '36 months ' for '24 months '. For purposes of this subsection, the Secretary shall determine the plans that qualify as small health plans.
"(2) COMPLIANCE WITH MODIFIED STANDARDS.--If the Secretary adopts a modification to a standard or implementation specification under this part, each person to whom the standard or implementation specification applies shall comply with the modified standard or implementation specification at such time as the Secretary determines appropriate, taking into account the time needed to comply due to the nature and extent of the modification. The time determined appropriate under the preceding sentence may not be earlier than the last day of the 180-day period beginning on the date such modification is adopted. The Secretary may extend the time for compliance for small health plans, if the Secretary determines that such extension is appropriate.
"(3) CONSTRUCTION.--Nothing in this subsection shall be construed to prohibit any person from complying with a standard or specification by--
"(A) submitting nonstandard data elements to a health care clearinghouse for processing into standard data elements and transmission by the health care clearinghouse; or
"(B) Receiving standard data elements through a health care clearinghouse.”(http://aspe.hhs.gov/admnsimp/pl104191.htm) This is very imprtonat with following the HIPPA rules and regulations
"PROCESSING PAYMENT TRANSACTIONS BY FINANCIAL INSTITUTIONS
"SEC. 1179. To the extent that an entity is engaged in activities of a financial institution (as defined in section 1101 of the Right to Financial Privacy Act of 1978), or is engaged in authorizing, processing, clearing, settling, billing,
Transferring, reconciling, or collecting payments, for a financial institution, this part, and any standard adopted under this part, shall not apply to the entity with respect to such activities, including the following:
"(1) The use or disclosure of information by the entity for authorizing, processing, clearing, settling, billing, transferring, reconciling or collecting, a payment for, or related to, health plan premiums or health care, where such payment is made by any means, including a credit, debit, or other payment card, an account, check, or electronic funds transfer.
"(2) the request for, or the use or disclosure of, information by the entity with respect to a payment described in paragraph (1)--
"(A) for transferring receivables;
"(B) For auditing;
"(C) In connection with--
"(i) a customer dispute; or
"(ii) An inquiry from, or to, a customer;
"(D) In a communication to a customer of the entity regarding the customer 's transactions, payment card, account, checks, or electronic funds transfer;
"(E) For reporting to consumer reporting agencies; or
"(F) For complying with--
"(i) a civil or criminal subpoena; or
"(ii) A Federal or State law regulating the entity.”
(b) CONFORMING AMENDMENTS.--
(1) REQUIREMENT FOR MEDICARE PROVIDERS.--Section 1866(a) (1) (42 U.S.C. 1395cc (a) (1)) is amended--
(A) by striking ``and" at the end of subparagraph (P);
(B) By striking the period at the end of subparagraph (Q) and inserting "; and"; and
(C) By inserting immediately after subparagraph (Q) the following new subparagraph:
"(R) to contract only with a health care clearinghouse (as defined in section 1171) that meets each standard and implementation specification adopted or established under part C of title XI on or after the date on which the health care clearinghouse is required to comply with the standard or specification.".
(2) TITLE HEADING.--Title XI (42 U.S.C. 1301 et seq.) is amended by striking the title heading and inserting the following :( http://aspe.hhs.gov/admnsimp/pl104191.htm)
"EFFECT ON STATE LAW
"SEC. 1178. (a) GENERAL EFFECT.--
"(1) GENERAL RULE.--Except as provided in paragraph (2), a provision or requirement under this part, or a standard or implementation specification adopted or established under sections 1172 through 1174, shall supersede any contrary provision of State law, including a provision of State law that requires medical or health plan records (including billing information) to be maintained or transmitted in written rather than electronic form.
"(2) EXCEPTIONS.--A provision or requirement under this part, or a standard or implementation specification adopted or established under sections 1172 through 1174, shall not supersede a contrary provision of State law, if the provision of State law--
"(A) is a provision the Secretary determines--
"(I) is necessary--
"(I) to prevent fraud and abuse;
"(II) To ensure appropriate State regulation of insurance and health plans;
"(III) For State reporting on health care delivery or costs; or
"(IV) For other purposes; or
"(ii) Addresses controlled substances; or
"(B) Subject to section 264(c) (2) of the Health Insurance Portability and Accountability Act of 1996, relates to the privacy of individually identifiable health information.
"(b) PUBLIC HEALTH.--Nothing in this part shall be construed to invalidate or limit the authority, power, or procedures established under any law providing for the reporting of disease or injury, child abuse, birth, or death, public health surveillance, or public health investigation or intervention.
"(c) STATE REGULATORY REPORTING.--Nothing in this part shall limit the ability of a State to require a health plan to report, or to provide access to, information for management audits, financial audits, program monitoring and evaluation, facility licensure or certification, or individual licensure or certification. (http://aspe.hhs.gov/admnsimp/pl104191.htm)
The HIPPA Title 11 subtitle F consist of six parts, I have mentioned three of these parts that I think that are the most important parts that pertain to HIPPA and the IT part of HIPPA.
References
http://search.proquest.com.ezproxy.apollolibrary.com/docview/214069689/fulltextPDF?accountid=458
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/nist80066.pdf
http://aspe.hhs.gov/admnsimp/pl104191.htm
Tina Cunningham
HCIS/420
08/12/2014
Effect of Titles and Subtitles of HIPAA on the IT Organization
For my second internship meeting the CEO needs help with briefing the chief marketing officer on the effects that (HIPPA) have on the IT field involving health care. The chief marketing officer is coming from the retail industry so I will need to explain to him the important parts of the IT department that involves the health care industry.
“The Health Insurance Portability and Accountability Act “(health.state.tn.us/hipaa/ )is “HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for …show more content…
people to keep health insurance, protect the confidentiality and security of healthcare information ad help the healthcare industry control administrative costs.”( health.state.tn.us/hipaa/)
HIPPA is used in all medical facilities to protect patients’ rights, it is extremely important that the medical facility follows the rules that HIPPA has put in place. HIPPA is used for patients’ rights and safety concerning their medical and personal information. A medical facility must follow the rules and guidelines that HIPPA has put in place to do just this for their patients.
HIPPA is a strong privacy protections that is critical in maintaining individuals’ trust in their health care providers and to obtain needed health care services, and these protections are especially important where very sensitive information is concerned.
HIPPA is very important in the IT part of health care industry, there are several entitles involved in IT and HIPPA.
HIPPA Title 11 Subtitle F consists of Administrative Simplification
Administration simplification purpose is the” purpose of this subtitle to improve the Medicare program under title XVIII of the Social Security Act, the Medicaid program under title XIX of such Act, and the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information.”(http://aspe.hhs.gov/admnsimp/pl104191.htm)
The requirements for the HIPPA administration simplification consist of “"SEC. 1175. (a) CONDUCT OF TRANSACTIONS BY PLANS.--
"(1) IN GENERAL.--If a person desires to conduct a transaction referred to in section 1173(a)(1) with a health plan as a standard transaction--
"(A) the health plan may not refuse to conduct such transaction as a standard transaction;
"(B) the insurance plan may not delay such transaction, or otherwise adversely affect, or attempt to adversely affect, the person or the transaction on the ground that the transaction is a standard transaction; and
"(C) The information transmitted and received in connection with the transaction shall be in the form of standard data elements of health information.
"(2) SATISFACTION OF REQUIREMENTS.--A health plan may satisfy the requirements under paragraph (1) by--
"(A) directly transmitting and receiving standard data elements of health information; or
"(B) Submitting nonstandard data elements to a health care clearinghouse for processing into standard data elements and transmission by the health care clearinghouse, and receiving standard data elements through the health care clearinghouse.
"(3) TIMETABLE FOR COMPLIANCE.--Paragraph (1) shall not be construed to require a health plan to comply with any standard, implementation specification, or modification to a standard or specification adopted or established by the Secretary under sections 1172 through 1174 at any time prior to the date on which the plan is required to comply with the standard or specification under subsection (b).
"(b) COMPLIANCE WITH STANDARDS.--
"(1) INITIAL COMPLIANCE.--
"(A) IN GENERAL.--Not later than 24 months after the date on which an initial standard or implementation specification is adopted or established under sections 1172 and 1173, each person to whom the standard or implementation specification applies shall comply with the standard or specification.
"(B) SPECIAL RULE FOR SMALL HEALTH PLANS.--In the case of a small health plan, paragraph (1) shall be applied by substituting '36 months ' for '24 months '. For purposes of this subsection, the Secretary shall determine the plans that qualify as small health plans.
"(2) COMPLIANCE WITH MODIFIED STANDARDS.--If the Secretary adopts a modification to a standard or implementation specification under this part, each person to whom the standard or implementation specification applies shall comply with the modified standard or implementation specification at such time as the Secretary determines appropriate, taking into account the time needed to comply due to the nature and extent of the modification. The time determined appropriate under the preceding sentence may not be earlier than the last day of the 180-day period beginning on the date such modification is adopted. The Secretary may extend the time for compliance for small health plans, if the Secretary determines that such extension is appropriate.
"(3) CONSTRUCTION.--Nothing in this subsection shall be construed to prohibit any person from complying with a standard or specification by--
"(A) submitting nonstandard data elements to a health care clearinghouse for processing into standard data elements and transmission by the health care clearinghouse; or
"(B) Receiving standard data elements through a health care clearinghouse.”(http://aspe.hhs.gov/admnsimp/pl104191.htm) This is very imprtonat with following the HIPPA rules and regulations
"PROCESSING PAYMENT TRANSACTIONS BY FINANCIAL INSTITUTIONS
"SEC. 1179. To the extent that an entity is engaged in activities of a financial institution (as defined in section 1101 of the Right to Financial Privacy Act of 1978), or is engaged in authorizing, processing, clearing, settling, billing,
Transferring, reconciling, or collecting payments, for a financial institution, this part, and any standard adopted under this part, shall not apply to the entity with respect to such activities, including the following:
"(1) The use or disclosure of information by the entity for authorizing, processing, clearing, settling, billing, transferring, reconciling or collecting, a payment for, or related to, health plan premiums or health care, where such payment is made by any means, including a credit, debit, or other payment card, an account, check, or electronic funds transfer.
"(2) the request for, or the use or disclosure of, information by the entity with respect to a payment described in paragraph (1)--
"(A) for transferring receivables;
"(B) For auditing;
"(C) In connection with--
"(i) a customer dispute; or
"(ii) An inquiry from, or to, a customer;
"(D) In a communication to a customer of the entity regarding the customer 's transactions, payment card, account, checks, or electronic funds transfer;
"(E) For reporting to consumer reporting agencies; or
"(F) For complying with--
"(i) a civil or criminal subpoena; or
"(ii) A Federal or State law regulating the entity.”
(b) CONFORMING AMENDMENTS.--
(1) REQUIREMENT FOR MEDICARE PROVIDERS.--Section 1866(a) (1) (42 U.S.C. 1395cc (a) (1)) is amended--
(A) by striking ``and" at the end of subparagraph (P);
(B) By striking the period at the end of subparagraph (Q) and inserting "; and"; and
(C) By inserting immediately after subparagraph (Q) the following new subparagraph:
"(R) to contract only with a health care clearinghouse (as defined in section 1171) that meets each standard and implementation specification adopted or established under part C of title XI on or after the date on which the health care clearinghouse is required to comply with the standard or specification.".
(2) TITLE HEADING.--Title XI (42 U.S.C. 1301 et seq.) is amended by striking the title heading and inserting the following :( http://aspe.hhs.gov/admnsimp/pl104191.htm)
"EFFECT ON STATE LAW
"SEC. 1178. (a) GENERAL EFFECT.--
"(1) GENERAL RULE.--Except as provided in paragraph (2), a provision or requirement under this part, or a standard or implementation specification adopted or established under sections 1172 through 1174, shall supersede any contrary provision of State law, including a provision of State law that requires medical or health plan records (including billing information) to be maintained or transmitted in written rather than electronic form.
"(2) EXCEPTIONS.--A provision or requirement under this part, or a standard or implementation specification adopted or established under sections 1172 through 1174, shall not supersede a contrary provision of State law, if the provision of State law--
"(A) is a provision the Secretary determines--
"(I) is necessary--
"(I) to prevent fraud and abuse;
"(II) To ensure appropriate State regulation of insurance and health plans;
"(III) For State reporting on health care delivery or costs; or
"(IV) For other purposes; or
"(ii) Addresses controlled substances; or
"(B) Subject to section 264(c) (2) of the Health Insurance Portability and Accountability Act of 1996, relates to the privacy of individually identifiable health information.
"(b) PUBLIC HEALTH.--Nothing in this part shall be construed to invalidate or limit the authority, power, or procedures established under any law providing for the reporting of disease or injury, child abuse, birth, or death, public health surveillance, or public health investigation or intervention.
"(c) STATE REGULATORY REPORTING.--Nothing in this part shall limit the ability of a State to require a health plan to report, or to provide access to, information for management audits, financial audits, program monitoring and evaluation, facility licensure or certification, or individual licensure or certification. (http://aspe.hhs.gov/admnsimp/pl104191.htm)
The HIPPA Title 11 subtitle F consist of six parts, I have mentioned three of these parts that I think that are the most important parts that pertain to HIPPA and the IT part of HIPPA.
References
http://search.proquest.com.ezproxy.apollolibrary.com/docview/214069689/fulltextPDF?accountid=458
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/nist80066.pdf
http://aspe.hhs.gov/admnsimp/pl104191.htm