HIPAA is the Health Insurance Portability and Accountability Act, which was passed by the federal government in 1996. Intended to both streamline some paperwork processes and protect patients from privacy breaches and fraud, HIPAA regulations impact anyone who works in the healthcare industry. They also impact everyone who seeks any type of medical care or treatment.
What Does HIPAA Do?
The HIPAA law is made up of several sections, including general and administrative requirements as well as security and privacy rules. The general requirements in the law dictate how and where federal regulations preempt state law and set guidelines for the enforcement of HIPAA compliance through agency and legal actions.
The administrative requirements section of the law covers a range of rules for healthcare providers and other covered entities. Some specifics of this section include:
- The requirement that every healthcare provider have a unique identification number and that the ID number be used when filing claims with payers.
- Rules regarding claims submissions, including standard coding sets and electronic data transmission requirements.
- Guidelines for tracking and authorizing referred treatment services.
- Minimum requirements for electronic remittance advice and healthcare payments.
- Standards for benefit coordination.
The overall purpose of the regulations set out in the administrative section of the HIPAA law is to streamline claims billing processes to facilitate more accurate payment and protect patients from fraud and abuse. The idea behind the HIPAA requirements is that, with all providers and healthcare payers using the same claims processes, forms, and submission criteria, things move faster and it is easier to spot providers who are billing incorrectly or fraudulently.
Health Insurance Portability
In addition to streamlining documentation and claims processes, HIPAA provides for the portability of health insurance. The purpose of insurance portability is to make it easier for individuals who move from one job to another to maintain healthcare coverage without a gap. Historically, when someone left one job, they were limited to COBRA benefits until they obtained a new job and made it through whatever trial period the new employer required before health coverage was provided – traditionally, 30 to 90 days.
Conversion coverage under HIPAA law lets employees keep benefits during the trial periods or if they take jobs that don't offer coverage. In order to qualify for the benefit, someone must have maintained coverage for a certain period of time without a long break in coverage prior to the change in employment.
Protected Health Information
HIPAA also defines protected health information, or PHI, and sets forth regulations for handling, safeguarding, and transferring such data. HIPAA protects any type of health information that can be used to individually identify a patient, whether that information is provided in oral or written format. Identifying health information includes:
- Phone numbers
- Email addresses
- Physical addresses
- Medical record numbers
- Social Security numbers
- Dates of birth
- Descriptions of the individual
- Any data that can be tied specifically to a person
HIPAA requires that providers, healthcare payers, and industry vendors only use software that is HIPAA-compliant to work with or share PHI. Covered entities under HIPAA law must also train staff for HIPAA compliance and ensure that all third-party work is completed in a HIPAA-compliant manner.
HIPAA for the Health and Human Services Professional
For anyone entering the health and human services field, an understanding of HIPAA is critical for success. No job exists within or parallel to the healthcare industry that doesn't require some knowledge of HIPAA, and anyone managing a healthcare office, working in healthcare human resources, or dealing with patients in any capacity must have more than a basic understanding of the law.
One occupation undertaken by health and human services grads involves the management of healthcare records. From coding to medical records oversight, jobs that require individuals to interact with healthcare data are HIPAA-intensive. These jobs require workers to safeguard data, protect patient confidentiality, and keep up with changing HIPAA regulations regarding data security, storage, and transmission.
Covered Entities and Contracted Services
Even outside of a provider's office, HIPAA comes into play. Anyone working for a covered entity must comply with HIPAA. A covered entity is any organization that may come into contact with patient data, including software vendors, medical device companies, social work firms, insurance payers, and even cleaning services that contract with medical providers.
HIPAA in the Healthcare Workplace
Anyone managing healthcare workers in any capacity – including administrative team supervision, human resources, or clinical oversight – must ensure that all employees are well-trained in HIPAA regulations and that HIPAA rules are followed in day-to-day operations. Failure to comply with HIPAA can result in a range of consequences, including civil fines and sanctions for both organizations and individuals. In extreme cases where fraud occurred, criminal consequences may be levied – even when the person or organization was ignorant of the requirement.
Because HIPAA violations are taken so seriously and ignorance is not a defense, high-level healthcare workers must have a strong understanding of the law and maintain education about evolving requirements. Any degree in health and human services should include studies on industry regulations such as HIPAA.