HIPAA Computer Consultant

 

 
         
 

HIPAA Compliance

 
 

HIPAA Compliance Time Line: October 16, 2003 for Medicare Submissions

     
 

Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which required the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions. All covered entities must be in compliance with the electronic transactions and code sets standards by October 16, 2003.

 
The Secretary has made the Centers for Medicare & Medicaid Services (CMS) responsible for enforcing the electronic transactions and code sets provisions of the law. Under section 1176(b) of the Social Security Act, HHS may not impose a civil money penalty where the failure to comply is based on reasonable cause and is not due to willful neglect. In determining negligence, CMS would examine whether the health plan undertook a course of outreach actions to its trading partners on awareness and testing, with particular focus on the actions that occurred prior to October 16th, 2003.
         
 

Start HIPAA Compliance Efforts Now

     
  HIPAA Compliance efforts started now can be documented to meet CMS requirements to avoid possible fines.  
HIPAA Compliance Plans will be required of Covered Entities that are not fully compliant. All initial actions of the CMS in this regard will typically be in response to a complaint being filed. Those Covered Entities able to show efforts started before 10/16/03 are more likely to avoid penalties and fines. They will also likely be required to file a Plan to attain compliance. Cates-Associates can provide assistance for pre- and post-10/16/03 efforts.
 
Avoid HIPAA compliance problems. Start now with a Risk Assessment Study. Contact us at 800-456-0890
 
 

Penalties
42 U.S.C. 1320d-1(a). The statute requires certain consultations with industry as a predicate to the issuance of standards and gives most covered entities 2 years (small health plans have 3 years) to come into compliance with the standards, once adopted. 42 U.S.C. 1320d-1(c), 42 U.S.C. 1320d-4(b). The statute establishes civil money penalties and criminal penalties for violations. 42 U.S.C. 1320d-5, 42 U.S.C. 1320d-6. HHS will enforce the civil money penalties, while the U.S. Department of Justice will enforce the criminal penalties.

The HIPAA statute was adopted 10/16/2000.
The compliance time limit for major health providers was 10/16/02.
The compliance time limit for small health providers is 10/16/03.

     
         

What is HIPAA Privacy Rule?

 

The HIPAA Privacy Rule (Standards for Privacy of Individually Identifiable Health Information) (3) provides the first national standards for protecting the privacy of health information. The Privacy Rule regulates how certain entities, called covered entities, use and disclose certain individually identifiable health information, called protected health information (PHI). PHI is individually identifiable health information that is transmitted or maintained in any form or medium (e.g., electronic, paper, or oral), but excludes certain educational records and employment records. Among other provisions, the Privacy Rule:

  • gives patients more control over their health information;
  • sets boundaries on the use and release of health records;
  • establishes appropriate safeguards that the majority of health-care providers and others must achieve to protect the privacy of health information;
  • holds violators accountable with civil and criminal penalties that can be imposed if they violate patients' privacy rights;
  • strikes a balance when public health responsibilities support disclosure of certain forms of data;
  • enables patients to make informed choices based on how individual health information may be used;
  • enables patients to find out how their information may be used and what disclosures of their information have been made;
  • generally limits release of information to the minimum reasonably needed for the purpose of the disclosure;
  • generally gives patients the right to obtain a copy of their own health records and request corrections; and
  • empowers individuals to control certain uses and disclosures of their health information.

The deadline to comply with the Privacy Rule is April 14, 2003, for the majority of the three types of covered entities specified by the rule [45 CFR § 160.102]. The covered entities are:

  • health plans,
  • health-care clearinghouses, and
  • health-care providers who transmit health information in electronic form in connection with certain transactions.
     
         
 

HIPAA Consulting

     
  Contact Cates-Associates for more information. 800-4596-0890    
         
 

References

     
 
Centers for Disease Control and Prevention - HIPAA Articles:
HIPAA Reference  
 
HIPAA.org:
HIPAA Reference  
©2005 Copyright Cates-Associates - Web Design by Dolphin Ad Design