April 14, 2020 - by Parul Saini, Webmedy team
HIPAA stands for the Health Insurance Portability and Accountability Act. Enacted in 1996, HIPAA is a federal law that establishes a national standard to protect medical records and other personal health data.
The HIPAA laws apply to:
Business associates of a covered entity are not directly regulated by the rules, but the contracts they are required to sign oblige them to protect the privacy of personally identifiable information. The act sets security requirements and data privacy rules to keep patients' medical data safe.
The Privacy Rule requires medical providers to give individuals access to their PHI. After an individual requests the data in writing (typically using the provider's form for this purpose), the provider has up to 30 days to give a copy of the data to the person. A person may request the information in electronic form or as a hard copy, and the provider is obliged to try to accommodate the requested format. For providers using an electronic health record (EHR) system certified under CEHRT (Certified Electronic Health Record Technology) standards, individuals must be able to obtain their PHI in electronic form.
These rules are known as the Transaction and Code Set Standards. The final rules for EDI and code sets took effect on October 16, 2003. Many of the transaction management standards are still under review and have not been published. The goal of these regulations is to standardize the electronic exchange of information (transactions) between trading partners. These transactions are mandated to use the ANSI ASC X12 version 4010 formats.
The HIPAA Code Set Regulations set a uniform standard of data elements used to document why patients are seen and the procedures performed during health care encounters: Diagnoses - ICD 9/10; Procedures - CPT 4, CDT; Supplies/Devices - HCPCS; Additional Clinical Data - Health Level Seven (HL7). HIPAA defined administrative codes for use with certain transactions and eliminated state-specific local codes.
These rules set standards for protecting individually identifiable health information and for ensuring the right of individuals to have more control over such information. The Privacy Rule describes the rights of individuals, and the Security Rule describes the methods and technology needed to assure that privacy.
These rules set standards for the security of electronic protected health information (ePHI). They set out three types of security safeguards required for compliance: administrative, physical, and technical. The following are the standards and specifications:
This includes the policies and procedures designed to clearly show how the entity will comply with the act:
These rules establish the standard unique identifier for health care providers, the National Provider Identifier (NPI), to simplify administrative processes such as referrals and billing, to improve the efficiency of data exchange, and to decrease costs. The NPI replaces all other identifiers used by health plans, Medicare, Medicaid, and other government programs. However, the NPI does not replace a provider's DEA number, state license number, or tax identification number. The NPI is 10 digits (may be alphanumeric), with the last digit holding a checksum. The NPI cannot contain any embedded intelligence; in other words, the NPI is just a number that carries no further meaning in itself.
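As an added example, not from the original article, the following Python code checks the NPI check digit. It relies on the CMS rule that the check digit is the Luhn check digit computed over the prefix 80840 followed by the first nine digits; that rule, the all-numeric assumption it implies, and the sample values are not on this page.

```python
"""Validate the check digit of a National Provider Identifier (NPI).

Added example. Implements the CMS check-digit rule: prepend the ISO
health-application prefix "80840" to the first nine digits and apply
the Luhn formula; the 10th digit must equal the resulting check digit.
"""

NPI_PREFIX = "80840"  # prefix CMS uses when computing the NPI check digit


def luhn_check_digit(payload: str) -> int:
    """Return the Luhn check digit for a string of decimal digits."""
    total = 0
    # Walk from the rightmost payload digit, doubling every other digit
    # starting with the rightmost one; digits above 9 lose 9 (e.g. 14 -> 5).
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def compute_npi_check_digit(first_nine: str) -> int:
    """Check digit for the nine-digit NPI body (raises on bad input)."""
    if len(first_nine) != 9 or not first_nine.isdigit():
        raise ValueError("NPI body must be exactly nine decimal digits")
    return luhn_check_digit(NPI_PREFIX + first_nine)


def is_valid_npi(npi: str) -> bool:
    """True if npi is ten decimal digits whose last digit is the Luhn check digit."""
    if len(npi) != 10 or not npi.isdigit():
        return False
    return int(npi[-1]) == compute_npi_check_digit(npi[:9])


# Constructed sample values: one well-formed NPI computed with the rule
# above, followed by typical transcription errors of it.
SAMPLE_NPIS = {
    "1234567893": True,
    "1234567890": False,  # wrong check digit
    "1234567839": False,  # last two digits transposed
    "123456789": False,   # too short
}

if __name__ == "__main__":
    for npi, expected in SAMPLE_NPIS.items():
        print(npi, "valid" if is_valid_npi(npi) else "invalid", "expected:", expected)
```

Such a check only catches malformed or mistyped identifiers; it says nothing about whether the NPI is actually assigned to the provider claiming it.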
The law carries heavy civil and criminal penalties for failure to comply. The US DHHS Office for Civil Rights imposes civil penalties that may range from $100 per violation to $25,000 per calendar year. The US Department of Justice imposes criminal penalties that may add up to 10 years of imprisonment and a $250,000 fine.