The HHS has required all parties involved with PHI transmission to be in compliance with the new HIPAA version 5010 and D.0 as of January 1, 2012, replacing the older 4010, 4010A1 and 5.1 standards. HIPAA rules and regulations 5010 consist of 850 new changes in the way data is entered and also transform all electronic claims transactions (ECT). These changes were designed to reduce the magnitude of claims processes, as well as the need for personnel, thereby reducing overall costs. Submission errors have been the scourge of medical billing, and HIPAA 5010 was meant to address the issue by speeding up the payment process.
HIPAA Rules and Regulations
The HIPAA Audit Program started in November 2011 and will run through the end of 2012. A major study has thus far reported that although mobile devices are used for patient data at 81% of organizations, only 49% have put security measures in place to protect the data, with a mere 24% using encryption technology. An estimated 80% of doctors use mobile devices in the regular course of practice. So HIPAA rules and regulations are catching up with mobile technology.
Since all health care sectors will be impacted by HIPAA 5010, including, but not limited to, medical and dental practitioners, hospitals, pharmacies and medical insurance companies, it is wise for all concerned to become cognizant of the 5 main HIPAA rules and regulations, as follows:
1) Privacy rule:
This rule, which can be located at 45 CFR part 160 and part 164, covers the safeguards needed to protect patient rights, such as the ability to examine and make corrections to their health records.
2) Security rule:
This applies to steps required to be taken to ensure the protection of electronically transmitted Protected Health Information (PHI) and concentrates on the administrative, physical and technical aspects of security.
3) Transactions rule:
The following code sets are detailed: ICD-9-CM, ICD-10-CM, HCPCS, CPT-3, CPT-4, and NDC.
4) Identifiers rule:
Covered entities are to be grouped into 3 unique identifiers: Standard Unique Employer, National Provider, and National Health Plan. This is to provide consistency, efficiency and standards throughout the industry.
5) Enforcement rule:
This is in accordance with the ARRA HITECH Act, which regulates covered entities as well as business associates, and provides for new mandates to be implemented and possible criminal or civil penalties.
The penalties for not being in compliance with HIPAA 5010 can be severe indeed:
* Ignorance: $100 to $50,000 per violation, maximum to be $1.5 Million
* Unwillful neglect: $1,000 to $50,000 per violation, repeat violations are assessed at $100,000, with the maximum set at $1.5 Million
* Willful neglect but corrected: $10,000 to $50,000, repeated violations are $250,000, maximum per year is $1.5 Million
* Willful neglect and not corrected: $50,000 on each violation and $1.5 Million annual maximum
Negligence by employees is a common occurrence and very costly for health care organizations; therefore, prevention or employing a HIPAA-compliant offsite data center is strongly recommended. Business associates can also be a source of breach, so they should be selected only after careful research. Make sure your employees are compliant with HIPAA rules and regulations.
The new HIPAA rules and regulations are furthermore just a prelude to the new ICD-10 codes that are due to be implemented in October of 2013, thus familiarity with HIPAA 5010 now can only make the transition that much more efficient. State departments of health and medical billing providers can be excellent sources of information toward this goal.