Difference between revisions of "Health Insurance Portability and Accountability Act"
Shawndouglas (talk | contribs) m (Added cat) |
Shawndouglas (talk | contribs) (Modifying. Saving and modifying more.) |
Line 1: | Line 1: | ||
The '''Health Insurance Portability and Accountability Act of 1996''' ('''HIPAA''') was enacted by the United States Congress and signed by President Bill Clinton in 1996. | The '''Health Insurance Portability and Accountability Act of 1996''' ('''HIPAA''') was enacted by the United States Congress and signed by President Bill Clinton in 1996. Its intended purpose was "to improve portability and continuity of health insurance coverage in the group and individual markets; to combat waste, fraud, and abuse in health insurance and health care delivery; to promote the use of medical savings accounts; to improve access to long-term care services and coverage; [and] to simplify the administration of health insurance."<ref name="HIPAAGPO">{{cite web |url=http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/content-detail.html |title=Public Law 104 - 191 - Health Insurance Portability and Accountability Act of 1996 |publisher=U.S. Government Publishing Office |accessdate=11 February 2015}}</ref> | ||
On February 16, 2006, HHS issued the Final Rule regarding HIPAA enforcement. It became effective on March 16, 2006. The Enforcement Rule | ==History== | ||
==Structure== | |||
HIPAA is divided into five titles: | |||
'''Title I''': Health Care Access, Portability, and Renewability | |||
'''Title II''': Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform | |||
'''Title III''': Tax-Related Health Provisions | |||
'''Title IV''': Application and Enforcement of Group Health Plan Requirements | |||
'''Title V''': Revenue Offsets | |||
===Description=== | |||
Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. | |||
Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.<ref>{{cite web |url=http://www.cms.gov/HIPAAGenInfo/ |title=Overview HIPAA - General Information |publisher=Centers for Medicare and Medicaid Services |accessdate=28 February 2012}}</ref> Title II also addresses the security and privacy of health data, with the intend of improving the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system. | |||
==Enforcement== | |||
On February 16, 2006, HHS issued the Final Rule regarding HIPAA enforcement. It became effective on March 16, 2006. The Enforcement Rule set civil money penalties for violating HIPAA rules and established procedures for investigations and hearings for HIPAA violations. Before the enforcement rule, the deterrent effects of the legislation seemed negligible, with few prosecutions for violations.<ref name="SteinFines">{{cite web |url=http://www.washingtonpost.com/wp-dyn/content/article/2006/06/04/AR2006060400672.html |title=Medical Privacy Law Nets No Fines |author=Stein, Rob |publisher=The Washington Post |date=5 June 2006 |accessdate=28 February 2012}}</ref> Enforcement operations were ratcheted up further with the passage of the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009, which greatly increased the financial penalties that could be applied to entities in non-compliance.<ref name="Solove10">{{cite journal |url=http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_050149.hcsp?dDocName=bok1_050149 |title=HIPAA Turns 10: Analyzing the Past, Present and Future Impact |author=Solove, Daniel J. |journal=Journal of AHIMA |volume=84 |issue=4 |pages=22–28 |year=April 2013 |accessdate=11 February 2015}}</ref> | |||
By the end of 2014, the U.S. Department of Health and Human Resources (HHS) reported investigating 106,522 HIPAA complaints against national pharmacy chains, major health care centers, insurance groups, hospital chains and other small providers since April 2003. The HHS reported 23,314 of those cases had been resolved by requiring changes in privacy practice or by corrective action. 10,566 cases were investigated and found that HIPAA was followed correctly. Another 68,412 cases were found to be ineligible for enforcement because, for example, a violation occurred before HIPAA became effective, a case was withdrawn by the pursuer, or an activity did not actually violate the rules.<ref name="HHSEnforceArch">{{cite web |url=http://www.hhs.gov/ocr/privacy/hipaa/enforcement/highlights/index.html |archiveurl=https://web.archive.org/web/20150211170207/http://www.hhs.gov/ocr/privacy/hipaa/enforcement/highlights/index.html |title=Enforcement Highlights |publisher=U.S. Department of Health and Human Services |date=15 January 2015 |archivedate=11 February 2015 |accessdate=11 February 2015}}</ref> | |||
According to the HHS, the most commonly investigated compliance issue, by order of frequency, have been<ref name="HHSEnforceArch" />: | |||
# incorrectly used or revealed protected health information (PHI); | |||
# insufficient protection mechanisms for PHI; | |||
# insufficient mechanisms for patients to access their PHI; | |||
# insufficient administrative protections and tools for managing electronic PHI; and | |||
# usage and disclosure of more PHI than minimally necessary. | |||
The HHS also stated the entities most likely to be responsible for infractions, by order of frequency, have been<ref name="HHSEnforceArch" />: | |||
# private practices; | |||
# general hospitals; | |||
# outpatient facilities; | |||
# pharmacies; and | |||
# health plans (group health plans and health insurance issuers). | |||
==Impact== | |||
The enactment of HIPAA caused major changes in the way physicians and medical centers operate. The complex legalities and potentially stiff penalties associated with HIPAA, as well as the increase in paperwork and the cost of its implementation, were causes for concern among physicians and medical centers. Many of those concerns were expressed in an August 2006 paper published in the journal ''Annals of Internal Medicine''.<ref name="WilsonAnnals">{{cite journal |author=Wilson, Jennifer Fisher |title=Health Insurance Portability and Accountability Act Privacy Rule Causes Ongoing Concerns among Clinicians and Researchers |journal=Annals of Internal Medicine |volume=145 |issue=4 |pages=313–6 |year=2006 |pmid=16908928 |doi=10.7326/0003-4819-145-4-200608150-00019 |accessdate=11 February 2015}}</ref> It mentions a University of Michigan study that demonstrated how the implementation of the HIPAA Privacy rule resulted in a drop from 96 percent to 34 percent in the proportion of follow-up surveys completed by study patients being followed after a heart attack.<ref name="WilsonAnnals"><ref name="Armstrong">{{cite journal |author=Armstrong, David; Kline-Rogers, Eva; Jani, Sandeep M.; Goldman, Edward B.; Fang, Jianming; Mukherjee, Debabrata; Nallamothu, Brahmajee N.; Eagle, Kim A. |title=Potential Impact of the HIPAA Privacy Rule on Data Collection in a Registry of Patients With Acute Coronary Syndrome |journal=Archives of Internal Medicine |volume=165 |issue=10 |pages=1125–9 |year=2005 |pmid=15911725 |doi=10.1001/archinte.165.10.1125 |accessdate=11 February 2015}}</ref> | |||
==Audit guidelines and checklist== | ==Audit guidelines and checklist== | ||
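Review bot: In the Impact paragraph the reuse of the Wilson citation is written as `<ref name="WilsonAnnals"><ref name="Armstrong">`, so the first tag is never closed; it should be the self-closing `<ref name="WilsonAnnals" />`, the form this same hunk already uses for `<ref name="HHSEnforceArch" />`. As saved, the revision renders "Cite error: Closing </ref> missing for <ref> tag" after "heart attack." and the Armstrong citation does not appear in the reference list. Smaller points in the same hunk: "with the intend of" in the Description paragraph should read "with the intent of"; the Enforcement paragraph expands HHS as "Department of Health and Human Resources" while the HHSEnforceArch citation gives the publisher as "U.S. Department of Health and Human Services"; "the most commonly investigated compliance issue ... have been" needs the plural "issues"; and the added `==History==` heading has no body before `==Structure==`.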
Line 11: | Line 56: | ||
Click the link above for the full set of guidelines and checklist items as they relate to HIPAA. | Click the link above for the full set of guidelines and checklist items as they relate to HIPAA. | ||
==Further reading== | |||
* {{cite web |url=http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/content-detail.html |title=Public Law 104 - 191 - Health Insurance Portability and Accountability Act of 1996 |publisher=U.S. Government Publishing Office}} | |||
==References== | ==References== |
Revision as of 18:04, 11 February 2015
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. Its intended purpose was "to improve portability and continuity of health insurance coverage in the group and individual markets; to combat waste, fraud, and abuse in health insurance and health care delivery; to promote the use of medical savings accounts; to improve access to long-term care services and coverage; [and] to simplify the administration of health insurance."[1]
History
Structure
HIPAA is divided into five titles:
Title I: Health Care Access, Portability, and Renewability
Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform
Title III: Tax-Related Health Provisions
Title IV: Application and Enforcement of Group Health Plan Requirements
Title V: Revenue Offsets
Description
Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs.
Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.[2] Title II also addresses the security and privacy of health data, with the intent of improving the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system.
Enforcement
On February 16, 2006, HHS issued the Final Rule regarding HIPAA enforcement. It became effective on March 16, 2006. The Enforcement Rule set civil money penalties for violating HIPAA rules and established procedures for investigations and hearings for HIPAA violations. Before the enforcement rule, the deterrent effects of the legislation seemed negligible, with few prosecutions for violations.[3] Enforcement operations were ratcheted up further with the passage of the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009, which greatly increased the financial penalties that could be applied to entities in non-compliance.[4]
By the end of 2014, the U.S. Department of Health and Human Services (HHS) reported investigating 106,522 HIPAA complaints against national pharmacy chains, major health care centers, insurance groups, hospital chains and other small providers since April 2003. The HHS reported 23,314 of those cases had been resolved by requiring changes in privacy practice or by corrective action. In 10,566 cases, investigation found that HIPAA was followed correctly. Another 68,412 cases were found to be ineligible for enforcement because, for example, a violation occurred before HIPAA became effective, a case was withdrawn by the pursuer, or an activity did not actually violate the rules.[5]
According to the HHS, the most commonly investigated compliance issues, by order of frequency, have been:[5]
- incorrectly used or revealed protected health information (PHI);
- insufficient protection mechanisms for PHI;
- insufficient mechanisms for patients to access their PHI;
- insufficient administrative protections and tools for managing electronic PHI; and
- usage and disclosure of more PHI than minimally necessary.
The HHS also stated the entities most likely to be responsible for infractions, by order of frequency, have been[5]:
- private practices;
- general hospitals;
- outpatient facilities;
- pharmacies; and
- health plans (group health plans and health insurance issuers).
Impact
The enactment of HIPAA caused major changes in the way physicians and medical centers operate. The complex legalities and potentially stiff penalties associated with HIPAA, as well as the increase in paperwork and the cost of its implementation, were causes for concern among physicians and medical centers. Many of those concerns were expressed in an August 2006 paper published in the journal Annals of Internal Medicine.[6] It mentions a University of Michigan study that demonstrated how the implementation of the HIPAA Privacy rule resulted in a drop from 96 percent to 34 percent in the proportion of follow-up surveys completed by study patients being followed after a heart attack.[6]
Audit guidelines and checklist
For those auditing computer systems and IT environments for their compliance with the Health Insurance Portability and Accountability Act and other regulations, a set of guidelines and checklist items may be useful.
Click the link above for the full set of guidelines and checklist items as they relate to HIPAA.
Further reading
- "Public Law 104 - 191 - Health Insurance Portability and Accountability Act of 1996". U.S. Government Publishing Office. http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/content-detail.html.
References
1. "Public Law 104 - 191 - Health Insurance Portability and Accountability Act of 1996". U.S. Government Publishing Office. http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/content-detail.html. Retrieved 11 February 2015.
2. "Overview HIPAA - General Information". Centers for Medicare and Medicaid Services. http://www.cms.gov/HIPAAGenInfo/. Retrieved 28 February 2012.
3. Stein, Rob (5 June 2006). "Medical Privacy Law Nets No Fines". The Washington Post. http://www.washingtonpost.com/wp-dyn/content/article/2006/06/04/AR2006060400672.html. Retrieved 28 February 2012.
4. Solove, Daniel J. (April 2013). "HIPAA Turns 10: Analyzing the Past, Present and Future Impact". Journal of AHIMA 84 (4): 22–28. http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_050149.hcsp?dDocName=bok1_050149. Retrieved 11 February 2015.
5. "Enforcement Highlights". U.S. Department of Health and Human Services. 15 January 2015. Archived from the original on 11 February 2015. https://web.archive.org/web/20150211170207/http://www.hhs.gov/ocr/privacy/hipaa/enforcement/highlights/index.html. Retrieved 11 February 2015.
6. Wilson, Jennifer Fisher (2006). "Health Insurance Portability and Accountability Act Privacy Rule Causes Ongoing Concerns among Clinicians and Researchers". Annals of Internal Medicine 145 (4): 313–6. doi:10.7326/0003-4819-145-4-200608150-00019. PMID 16908928.