HIPAA
Health Insurance Portability and Accountability Act of 1996
Health Insurance Portability and Accountability Act of 1996
Under both the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Gramm-Leach-Bliley Act, LifeWise must take measures to protect the privacy of our members’ personal information. In addition, other state and federal privacy laws may provide additional privacy protection. Personal information includes the member’s name, Social Security number, address, telephone number, account number, employment, medical history, health records, and claims information.
To learn more about HIPAA information specific to providers, visit our member privacy practices page.
The Administrative Simplification part of HIPAA aims to reduce administrative costs in the healthcare industry through adopting and using standardized, electronic transmission of administrative and financial data.
Administrative Simplification encompasses five key elements:
HIPAA privacy regulations require standards that protect the privacy of PPI. These rules include strict limits on how information can be used and disclosed.
HIPAA's Administrative Simplification provisions also require security standards to protect health information transmitted or stored electronically. The regulations require physical, technical and procedural safeguards to keep electronic healthcare information secure.
Providers, healthcare payers and clearinghouses must use "standard" formats to exchange healthcare transactions electronically.
The standard formats for HIPAA transactions are the American National Standards Institute (ANSI) ASC X12N, Version 4010A1. These formats apply to the following common business functions:
Transaction Name | Number |
---|---|
Healthcare Claims | 837 |
Healthcare Claim Payment Advice | 835 |
Payroll Deducted and Other Group Premium Payment | 820 |
Benefit Enrollment and Maintenance | 834 |
Healthcare Services Review | 278 |
Healthcare Eligibility Benefit Inquiry and Response | 270/271 |
Healthcare Claim Status Request and Response | 276/277 |
Electronic data exchange will require using standard code sets. The medical code sets used to identify data include:
The non-medical code sets include codes for place of service, revenue codes, relationship and more.
Standard national identifiers are assigned to providers, employers and health plans. These "unique identifiers" will permit electronic data exchange and matching for all health insurance related transactions.
While we are committed to collaborating with our physicians and providers on issues related to HIPAA that affect our business relationships, we cannot take responsibility for ensuring that our providers' business processes and practices comply with the law. Because of HIPAA's complexities, we recommend that you seek legal counsel to determine your obligations under this act.
The privacy regulation requires covered entities to protect PPI and grant individuals other rights as described, without creating obstacles to care and treatment. It applies to information that is transmitted electronically, orally or on paper.
HIPAA states that other federal and state laws that provide more personal privacy protection still apply. LifeWise must also consider:
A person has the right to request an accounting of disclosures made outside a covered entity's routine business functions. LifeWise's routine business functions include payment and healthcare operations, while providers' routine business functions would also include treatment.
In most cases, a covered entity must obtain written authorization from the person before using or disclosing his or her PPI for other than routine business functions.
In most cases, our interactions with you will be business as usual. Generally, PPI can be shared between physicians, other providers and the health plan as we carry out "routine business functions" which include the following activities:
In most instances, healthcare providers are not the business associates of the health plan, so there won't be changes to your contracts with LifeWise. LifeWise has developed its standard Business Associate Agreements and will be working with vendors and contractors over the next few months to implement them.
Individuals have the right to complain to a covered entity and to the U.S. Department of Health and Human Services (DHHS) Secretary if they believe their privacy rights have been violated.
Individuals have the right to request that a covered entity communicate with them at an alternate location if they believe that disclosing all or part of their health information could endanger them.
A person has the right to request to review, obtain copies and amend their PPI.
When requesting or disclosing information, covered entities must ensure that they ask for or disclose the minimum amount of PPI needed to accomplish the intent of the disclosure. Covered entities must also ensure that the access employees have to PPIis limited to the minimum necessary to perform their jobs. However, one covered entity can rely on the request for PPI from another covered entity as being the minimum necessary as long as the requesting covered entity indicates that the PPI is related to treatment, payment or healthcare operations (TPO).
In most situations, parents have control over the health information of their minor children. In certain situations, however, state laws give minors rights that take precedence over HIPAA privacy regulations. In some circumstances, state public health and insurance laws prohibit health plans from disclosing sensitive information such as PPI relating to chemical dependency, mental health, reproductive health, HIV/AIDS/STDs - unless the person's specifically authorizes us to do so.
All covered entities must provide notice of a patient's privacy rights as well as their privacy practices.
A covered entity must designate a "Privacy Official" responsible for developing and implementing its privacy policies and procedures.
Covered entities can use a single authorization form for using and disclosing PPI for research, as well as informed consent for the research.
Covered entities can disclose PPI to the FDA for public health purposes relating to quality, safety or effectiveness of FDA-regulated products or activities. This includes reporting adverse events and defects or problems with FDA-regulated products.
HIPAA requires that covered entities choosing to exchange data electronically use the standard transactions, including code sets and unique identifiers.
Unique identifiers that HIPAA requires standardized:
National Provider Identifier (NPI)
The NPI is a unique identification number for healthcare providers to use with administrative and financial transactions.
National Employer Identifier (EIN)
The EIN is a unique identification number for employers and employer groups. The employer tax ID number (TIN) assigned by the IRS was adopted as the EIN.
National Health Plan Identifier (HPIN)
The HPIN is a unique identification number for health plans
For questions about HIPAA Transaction-related regulatory compliance (Transactions, Code Sets, National Identifiers, and Security) call the Centers for Medicare and Medicaid (CMS) at 410-786-4232 (local) or 866-282-0659.
If you intend to submit claims and conduct other HIPAA transactions electronically, you need to understand the costs involved in complying with standard formats. As you plan your HIPAA compliance strategy, we want to emphasize the importance of maintaining flexibility in your electronic transaction options - regardless of whether you intend to use a clearinghouse service, submit the transactions directly to a payer or some combination of both.
First, you must understand your PMS vendor's approach to HIPAA compliance, which generally falls into two categories:
If your PMS vendor will not provide the necessary transaction flexibility, there are alternatives that do not require switching to a new office management system. Several vendors offer software packages that will extract claims from practice management systems and:
Contact the EDI team at 800-435-2715 or via email at edi@lifewisehealth.com.
You can find guides on the Washington Publishing website
LifeWise provides the following links for your convenience, and does not make any representations or warranties that the information contained on these sites is accurate and complete. Please be aware that these links will take you to other sites not associated with or endorsed by LifeWise.