HIPAA FAQs

HIPAA is the Health Insurance Portability & Accountability Act of 1996 (August 21), Public Law 104-191, which amends the Internal Revenue Service Code of 1986. It is also known as the Kennedy-Kassebaum Act. The goals of the law include, but are not limited to:

  • Improved efficiency in healthcare delivery by standardizing electronic data interchange.
  • Protection of confidentiality and security of health data through setting and enforcing standards.
  • Standardization of electronic patient health, administrative and financial data.
  • Unique health identifiers for individuals, employers, health plans and health care providers.
  • Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.
  • The bottom line: sweeping changes in most healthcare transaction and administrative information systems.

Who is affected?

All healthcare organizations. This includes all health care providers, even 1-physician offices, health plans, employers, public health authorities, life insurers, clearinghouses, billing agencies, information systems vendors, service organizations, and universities.

Are there penalties?

HIPAA calls for severe civil and criminal penalties for noncompliance, including:

  • fines up to $25K for multiple violations of the same standard in a calendar year
  • fines up to $250K and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information

What are the compliance deadlines?

Most entities have 24 months from the effective date of the final rules to achieve compliance. Normally, the effective date is 60 days after a rule is published. The Transactions Rule was published on August 17, 2000, so the compliance date for that rule is October 16, 2002. The Privacy Rule was published on December 28, 2000, but due to a minor glitch didn't become effective until April 14, 2001. Compliance is required for the Privacy Rule on April 14, 2003.

How will we all be affected?

Required compliance responses aren't standard, because organizations aren't. For example, an organization with a computer network will be required to implement one or more security authentication access mechanisms ("user-based," "role-based," and/or "context-based" access), depending on its network environment. However, an organization that is still all paper-based will have to show secure document storage and mechanisms for tracking documentation changes.

How will smaller providers be affected?

The proposed security standard does not require extraordinary measures. It involves taking actions that assure the security of the information to be protected. The standard does not dictate specific technologies. The requirements of the standard may be implemented in a number of ways, depending upon the security needs and technologies in place at each business and upon agreements among businesses that work together.

What benefits do the new HIPAA regulations provide to healthcare organizations?

We can identify three important potential benefits.

  • The standardization of electronic data interchange may significantly improve information transfer between payer and provider.
  • Codification of electronic data standards may position providers to efficiently move their services onto the Internet.
  • It provides healthcare organizations with an opportunity to streamline and simplify their operations and infrastructure, thereby providing a significant potential for savings. For example, a large amount of physician practice time is currently spent on administrative processing. We expect that administrative needs may significantly decrease with implementation of HIPAA standards.

Is there any consideration for small plans for complying with the standard once it is adopted?

Yes. Small plans will have 36 months to comply after the standard is adopted.

How is a small plan defined?

A small plan is one that meets the definition of a small business under the Small Business Association's rules: annual receipts of less than $5 million.

I am an employer and I provide on-site healthcare for my employees. Do these HIPAA standards apply to me?

Yes. When an employer acts in the role of a health plan or health care provider, the employer must comply with HIPAA standards.

I am an employer and I do not provide on-site healthcare for my employees. Do these HIPAA standards apply to me?

No. The HIPAA standards do not apply to you as an employer since you do not act in the role of a health plan or health care provider. Employers can voluntarily choose to use HIPAA standard transactions to expedite their health plan activities, such as enrollment.

Why all the DHHS delays in publishing the final HIPAA regulations?

Once a proposed rule is approved by the government, the public is given the opportunity to comment on the proposal, and those comments must be considered in development of the final rules. Most of the proposed HIPAA regulations generated thousands of public comments, and the time required to review and consider them has slowed the publication of final rules.

How does one become a HIPAA accredited agency?

There is really no such thing as becoming a HIPAA accredited agency. There is no agency at present, or, based on my knowledge, in the future, that will assume the role of accrediting an organization. On a side note, the healthcare industry at this point is very negative against any vendor who says they are HIPAA compliant. Their negative reaction is based on a number of reasons: 1) the majority of the rules are not yet final, and 2) becoming HIPAA compliant requires a concerted effort from all parties, including the actual organization, its vendors, and its business associates.