|
Summary of HIPPA
October 2002:
Health Insurance Portability and Accountability Act (HIPAA)---
Administrative Simplification
The American Academy of Micropigmentation has recently become aware
of the new implementation of this Act of 1996 HIPPA for the month
of October 2002. If you are a practitioner in association with a
medical doctor either as an employee or independent contractor,
it is vital that you become knowledgeable as soon as possible with
this law as well as the severe financial penalities for not being
in proper compliance. Many local hospitals have developed strategic
planning for this law. You can contact them for further help.
For the practitioners who are independent, you need to become informed
about this new law as well. There are strong possibilities that
you too will be required to follow all the aspects of the HIPPA
as well. The American Academy of Micropigmentation will be undertaking
a leading role for our industry in developing manuals and instructions
for our members to cope with the new law in the very near future.
The Administrative Simplification provisions of the Health Insurance
Portability and Accountability Act of 1996 (HIPAA, Title II) require
the Department of Health and Human Services to establish national
standards for electronic health care transactions and national identifiers
for providers, health plans, and employers. It also addresses the
security and privacy of health data. Adopting these standards will
improve the efficiency and effectiveness of the nation's health
care system by encouraging the widespread use of electronic data
interchange in health care.
Latest HIPAA Administrative Simplification News
Electronic Health Care Transactions and Code Sets Standards Model
Compliance Plan - Complete and submit this form before October 16,
2002 to receive a one-year extension for compliance as provided
by the Administrative Simplification Compliance Act.
Video Information - "Meeting the HIPAA Challange: "Implementing
HIPAA Standards and the Administrative Simplification Compliance
Act". The video is presently being webcast. There will be a
satellite broadcast of the video on September 10, 2002, at 2:00
PM ET. For more information. If you would like a free VHS copy of
the video, send an email to Medlearn@cms.hhs.gov and be sure to
include the video title, your full name, mailing address, and telephone
number.
HIPAA Roundtable - Want to learn more about HIPAA Administrative
Simplification??? Join us for the 3rd HIPAA Roundtable on September
30, 2002 from 2:00 - 3:30 pm EST. We invite anyone interested in
HIPAA to participate and to ask HIPAA questions during this forum.
The call-in number is 800-837-1935. Access code #5260079. We are
requesting callers to RSVP to Alikia Brown at: abrown1@cms.hhs.gov
or by fax to 410-786-1710. For questions about this roundtable,
contact Alikia at 410-786-4523 or call the HIPAA Administrative
Simplification hotline at 410-786-4232.
National Employer Identifier Standard Adopted
The Department of Health and Human Services has published a final
rule adopting the Employer Identification Number, issued by the
Internal Revenue Service, as the National Employer Identifier for
use in health care transactions. This is one of the standard identifiers
required by the Health Insurance Portability and Accountability
Act. You can view the final rule online (PDF, 216KB). The final
regulations which specify this identifier were published in the
Federal Register on May 31, 2002.
Proposed Rule to Repeal NDC Standard
The Department of Health and Human Services has proposed to repeal
the NDC code set as the standard code set to refer to drugs in health
care transactions. This proposed rule was published in the Federal
Register on May 31, 2002. You can view the proposed rule online
(PDF, 190KB). The comment period for this NPRM ends June 30, 2002.
Public comments on this rule can be emailed to CMS0003@cms.hhs.gov.
Proposed Rule to Adopt Changes to HIPAA Transaction Standards
The Department of Health and Human Services has proposed to adopt
changes to the HIPAA transaction standards, as recommended by the
Designated Standards Maintenance Organizations. This proposed rule
was published in the Federal Register on May 31, 2002. You can view
the proposed rule online (PDF, 159KB). The comment period for this
NPRM ends June 30, 2002. Public comments on this rule can be emailed
to CMS0005@cms.hhs.gov.
Health and Human Services HIPAA-related Links
HIPAA Administrative Simplification - Law, regulations, history
and general information - The Department of Health and Human Services
Administrative Simplification Web Site is the authoritative source
for the law, regulations, Frequently Asked Questions (FAQs), and
links to other important sites. This is an excellent starting point
to learn about the basics of Administrative Simplification and specific
legal requirements.
HIPAA Administrative Simplification Compliance Act Questions and
Answers
Standards for Privacy of Individually Identifiable Health Information
- The HIPAA Privacy Rule - HHS published the final Privacy Rule
on December 28, 2000. This rule gives patients greater access to
their own medical records and more control over how their personal
health information is used.
Medicare Electronic Data Interchange (EDI) - This is the official
Medicare website that contains important information about how providers
can communicate electronically with the Medicare program. This site
contains EDI formats and instructions, transaction mapping information,
statistics, FAQs about Medicare EDI, and other valuable EDI data.
Medicaid HIPAA Information - Includes Medicaid HIPAA Plus, the
Medicaid HIPAA Compliant/Concept Model, Informational briefs, Implementation
tools, and National Medicaid EDI HIPAA Workgroup Information.
National Provider Identifier - (PDF, 156KB)
HIPAA Health Insurance Reform - Title I of the Health Insurance
Portability and Accountability Act of 1996 (HIPAA) protects health
insurance coverage for workers and their families when they change
or lose their jobs. Visit this site to find out about pre-existing
conditions and portability of health insurance coverage.
The National Committee on Vital and Health Statistics - A public
advisory board to the Secretary of Health and Human Services.
External HIPAA-related Links
HIPAA Implementation Guides - Acquiring the HIPAA transaction implementation
guides.
Designated Standard Maintenance Organizations (DSMO) - Requesting
changes to adopted standards.
Workgroup for Electronic Data Interchange (WEDI) - Fosters widespread
support for the adoption of electronic commerce in healthcare.
Strategic National Implementation Process (SNIP) - A collaborative
healthcare industry process for the development and implementation
of standards. Site includes white papers on transactions, security,
and privacy.
Other Resources
Still looking for answers to your HIPAA Administrative Simplification
questions? Send your question to AskHIPAA@cms.hhs.gov and we will
try to answer your questions. Or call the HIPAA Administrative Simplification
Hotline at 1-866-282-0659.
Centers for Medicare & Medicaid Services
7500 Security Boulevard, Baltimore MD 21244-1850
Phone: 410-786-3000
American Academy of Micropigmentation
2709 Medical Office Place
Goldsboro, North Carolina 27534
800-441-2515
e mail: zwerling@micropigmentation.org
Patient information of any nature is confidential. This includes
information from or about medical records, tests results, appointments,
and referrals. Even a patient’s presence at our medical practice
offices should not be disclosed.
Staff must not discuss patient information with anyone who is not
involved in the patient’s care and entitled to receive such
information. Do not discuss patient information with your family
members, friends, in a social conversations, etc. such breaches
of privacy/ confidentiality may subject employees to disciplinary
action, including termination.
When in doubt, do not disclose patient information until you ask
your supervisor or the Privacy Officer for Clarification (emergency
situations may be an exception).
As a general rule, patient information may be disclosed when specifically
authorized by the patient; when it is necessary for purposes of
treatment, payment, or health operations, or when required by law.
But there are rules that apply to each—Section B of this document
addresses disclosure for purposes of treatment, payment and health
operations; Section C addresses patient authorizations.
Be aware of confidentiality when answering patients questions,
providing test results, making appointments making referrals, checking
insurance eligibility, obtaining prior approvals, etc.
as general rule, an adult patient’s information cannot be
released to a patient’s spouse or other family member without
the patient’s authorization. For example, if a patient’s
husband calls asking for the results of his wife’s pregnancy
test - or other test results – our policy is to tell them
that “we are sorry, but we cannot release information without
the patients specific written authorization.”
Patient information regarding an adult child should not be disclosed
to a parent without the patient’s
authorization.
For minors, patient’s information cannot be released to third
parties without the consent of the parent or the patient’s
legal guardian.
Employees should not allow medical information on computer monitors
to be visible to patients.
Backups of computer files will be maintained by the Privacy Officer
and one other designated individual in a fireproof safe.
Do not disclosure your passwords to anyone, including other employees.
Passwords will be assigned by the privacy Officer, changed at appropriate
intervals, deleted when an employee leaves or is assigned to another
position, reissued when there is a concern that passwords are not
secure, etc.
Keep patient charts, encounter forms, and other documents face
down. Never leave such documents where unauthorized persons can
see or take them.
Use special receptacles marked Patient Information to Be Shredded
when disposing of any written material that may contain protected
patient information.
Place medical records, test results, and other information in slots
in exam room doors so that they face the door or wall.
Speak softly to others in person or over the phone.
Try to avoid stating the patient’s name whenever possible.
Receptionists should change the sign-in sheet to a new page at
least hourly.
Do not allow or require patients to write the reason for the visit
on sign-in sheet.
The fact that an individual is a patient at this medical practice
is confidential information.
Whenever possible, speak to patients about their medical information
in private offices and exam rooms.
Do not discuss the patient’s condition, reason for the visit,
and the like in the waiting area or in front of those not involved
in their care.
When making an appointment, ask the patient where they may be reached
to confirm the appointment, ask questions, or for other purposes.
If you call the patient to confirm an appointment, provide test
results, etc. and they are not available, simply leave a message
stating for them to call you at ________________. If you get an
answering machine (voice mail), simply leave a message with your
name and phone number.
Unless you are sure we have the patient’s permission to release
information, do not do so.
Unless you have the need to know, do not ask patients why they
are here, what problems they are having, and the like.
If you pull medical records, file information, etc.; do not read
any more information than necessary to complete the task at hand.
For example, if you are asked to pull a patient’s chart, you
so not need any more information from the chart than the patient’s
name and medical record number. If you are asked to find certain
information in the chart, do not read any more information than
necessary.
Information about employees that receive care will be considered
confidential just as if they were a patient who is not employed
by this medical practice.
When you see patients outside the office, do not ask specific questions
from your knowledge of their patient information unless you can
do so privately and it is appropriate.
Patient information should never be discussed or otherwise provided
in public or other areas where unauthorized persons could obtain
protected information.
|
