Wednesday, April 23, 2014

HIPAA Rules and Regulations Compliance

by HIPAA on April 7, 2014

HHS requires that all parties involved in PHI transmission be compliant with the new HIPAA version 5010 and D.0 standards as of January 1, 2012, replacing the older 4010, 4010A1 and 5.1 standards. HIPAA 5010 introduces 850 changes to how data is entered and transforms all electronic claims transactions (ECT). These changes were designed to reduce the volume of claims processing work, as well as the staff needed for it, thereby reducing overall costs. Submission errors have long been the scourge of medical billing, and HIPAA 5010 was meant to address that problem and speed up the payment process.

The HIPAA Audit Program started in November 2011 and runs through the end of 2012. A major study has so far reported that although mobile devices are used for patient data at 81% of organizations, only 49% have put security measures in place to protect that data, and a mere 24% use encryption. An estimated 80% of doctors use mobile devices in the regular course of practice, so HIPAA rules and regulations are catching up with mobile technology.

Since all health care sectors will be affected by HIPAA 5010, including, but not limited to, medical and dental practitioners, hospitals, pharmacies and medical insurance companies, everyone concerned should become familiar with the 5 main HIPAA rules and regulations, which are as follows:

1) Privacy rule:
This rule, found at 45 CFR part 160 and part 164, covers the safeguards needed to protect patient rights, such as the ability to examine their health records and request corrections to them.

2) Security rule:
This covers the steps required to protect electronically transmitted Protected Health Information (PHI) and concentrates on the administrative, physical and technical aspects of security.

3) Transactions rule:
The following code sets are detailed: ICD-9-CM, ICD-10-CM, HCPCS, CPT-3, CPT-4, and NDC.

4) Identifiers rule:
Covered entities are identified by 3 standard unique identifiers: Standard Unique Employer, National Provider, and National Health Plan. This provides consistency, efficiency and standardization throughout the industry.

5) Enforcement rule:
This is in accordance with the ARRA HITECH Act, which regulates covered entities as well as business associates, and provides for new mandates to be implemented and for possible criminal or civil penalties.

The penalties for not being in compliance with HIPAA 5010 can be severe indeed:

* Ignorance: $100 to $50,000 per violation, with a maximum of $1.5 million
* Unwillful neglect: $1,000 to $50,000 per violation; repeat violations are assessed at $100,000, with the maximum set at $1.5 million
* Willful neglect, but corrected: $10,000 to $50,000 per violation; repeat violations are $250,000, with a maximum of $1.5 million per year
* Willful neglect, not corrected: $50,000 per violation, with a $1.5 million annual maximum

Negligence by employees is a common occurrence and very costly for health care organizations, so prevention, or the use of a HIPAA-compliant offsite data center, is strongly recommended. Business associates can also be a source of breaches, so they should be selected only after careful research. Make sure your employees are compliant with HIPAA rules and regulations.

The new HIPAA rules and regulations are, moreover, just a prelude to the new ICD-10 codes that are due to be implemented in October of 2013, so familiarity with HIPAA 5010 now can only make that transition more efficient. State departments of health and medical billing providers can be excellent sources of information toward this goal.

Comments

shita stander October 27, 2012 at 7:11 pm

Well, it should come. You can just go to Messenger > Sign in to a Mobile Device, or on your cell phone just sign directly into Yahoo Messenger, or go to Messenger > Preferences > General; at the bottom there is a section for mobile devices! Hope it helps :)

beatoffo November 22, 2012 at 5:35 pm

Any executive golf course I've seen has always been a par 3 golf course consisting of all 9, par 3 holes. A par 35 or 36 course would be a regular course. You are right.

facintings allingevil December 10, 2012 at 4:56 pm

Yes, my employer offers it. It's not as good as human medical insurance, but it does help a little.

atka holtheonar December 21, 2012 at 5:37 pm

Health Insurance Portability and Accountability Act

devare vbogger January 3, 2013 at 7:14 am

Scroll down to applicable laws/regulations and related links…"HIPAA Medical Privacy Rule."

Also see this link regarding new rules, effective January 2009. Scroll down to, "medical certification."

ris ble January 9, 2013 at 4:00 am

If your letter was about the treatment you received at a facility to which your doctor referred you, but did not discuss your medical history/condition, then chances are that is not considered "protected health information" under HIPAA.

Did you copy and route the letter to other parties or did your doctor? If you did it, then what's the complaint? If your doctor did it, she may have felt your concerns were valid and she wanted to make her colleagues aware of the treatment that patients were receiving at this facility so they would not make future referrals. Did you mark the letter as "Personal and Confidential"? If you did not do that, then you did not advise the doctor that you did not want her to share it with others.

Almost all correspondence between a doctor and a patient is included in the patient's medical record. However, a medical record should only be accessible to those with a "need to know" because they are actively involved in your treatment. It's not as if your medical record (and this letter) will be placed in the waiting room along with the magazines for other patients to browse while they wait to be [...]

instinley doolmann January 17, 2013 at 8:17 pm

No, he can't tell anybody about your health. That's why your medical records are called "Protected health information." The doctor can't even tell someone you're his patient.

combrock March 5, 2013 at 6:48 pm

You do need a merchant account. Don't go to your bank for it, though. They don't provide the best rates by far. You need a specialized merchant account provider, and you can easily find many just by Googling "merchant account" or "credit card processing". You should not accept a rate higher than 1.69% + $0.20 per transaction.

You will need a payment processing terminal and your merchant account provider will lease or sell you one. The price should not be higher than $200. Other than that, be sure to carefully review the whole pricing agreement for charges that may make it more expensive than it seems. You should not be charged for monthly processing minimums, set up or annual fees. You will have to pay a monthly statement fee – it is a bank fee and cannot be escaped; more than $15 is excessive.

Good luck!
