HIPAA Privacy Laws for Medical Office Personnel
HIPAA stands for the Health Insurance Portability and Accountability Act enacted by the federal government in 1996. HIPAA was implemented on April 14, 2003, with the exception of small healthcare groups that came online in 2004. According to Privacy Rights Clearinghouse, "HIPAA only applies to medical records maintained by health care providers, health plans, and health clearinghouses--and only if the facility maintains and transmits records in electronic form."
Code Set Requirements
Along with this legislation came code set requirements. According to Centers for Medicare and Medicaid Services' HIPAA Information Series, "Code sets are the codes used to identify specific diagnosis and clinical procedures on claims and encounter forms." These code sets vary by caregiver, type of products and the medical setting involved. See references below for specific details on code set requirements.
Enforcement
The U.S. Department of Health and Human Services (HHS) is responsible for enforcing the HIPAA Privacy Rule and the HIPAA Security Rule through its Office for Civil Rights (OCR). The HIPAA Privacy Rule protects all personally identifiable health information. The HIPAA Security Rule sets standards for the electronic transmission of information protected by HIPAA.
According to the HHS's Office for Civil Rights, "The corrective actions obtained by OCR from covered entities have resulted in systemic change that has improved the privacy protection of health information for all individuals they serve."
Complaints of a HIPAA violation must be filed within 180 days of the incident. OCR investigates to determine if a privacy or security rule may have been violated and whether a possible crime may have been committed. Any possible criminal violation is referred to the Department of Justice for joint investigation and resolution.
Revisions
After HIPAA was implemented in 2003, some complained about lack of enforcement. So, in February 2009, major revisions were adopted in the American Recovery and Reinvestment Act of 2009 (Public Law 111-5). Known more commonly as the Stimulus Law, it called for stricter enforcement and more rigid penalties for violators of HIPAA privacy and security rules.
Application
Three entities are obviously subject to HIPAA rules: practitioners, group healthcare plans, and healthcare clearinghouses that transform healthcare transactions from one format to another. What is less clear is which businesses that interact with these three groups are also subject to the HIPAA rules. If other businesses come in contact with private health information from these three sources, they may also be subject to HIPAA rules. Typically, these would be people involved in some form of medical billing.