The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a far-reaching federal law affecting health insurance policies in the United States. One part of this Act, the Administrative Simplification subtitle, issues rules governing the confidentiality and security of health and healthcare information, and rules concerning the way in which healthcare organizations (notably payers, providers, and clearinghouses, but potentially also vendors, financial institutions, and others) transfer confidential patient data between themselves. Although Administrative Simplification is only one part of a large law, it is this subtitle which is generating the most discussion and which will have the biggest impact upon the way business is conducted in the healthcare industry.
2. How will the Administrative Simplification rules of HIPAA affect healthcare organizations?
The Admin Simp rules are far-reaching. Among other things, they cover an organization's internal procedures to guard the integrity, confidentiality, and availability of patient data (including administrative procedures, physical safeguards, and technical security services). They also include technical security mechanisms to guard against unauthorized access to data that is transmitted over a network. They dictate that business transactions that are transmitted over a network must be interoperable, that is, they must use a standard format which is accepted and recognized by the industry.
These are things that will be good for the healthcare industry, but getting there is going to be a difficult process.
3. What does my organization have to do to ensure HIPAA compliance?
At this point, no one can tell you. Most of the rules are scheduled to take effect in 2002, but many of them have not yet been approved in their final form. Moreover, the rules in Admin Simp tend to be phrased in an open-ended way. For example, "Each organization would be required to implement entity authentication..." The law does not specify whether this is by password, callback, or retinal scan; it is up to the organization itself to assess its needs and implement a suitable strategy to accommodate each requirement. Since HIPAA covers healthcare organizations from small provider offices up to huge payer organizations, the methods of implementation will vary among different organizations.
4. So again, how does my organization achieve HIPAA compliance?
Your best bet is to gain a solid understanding of the law. Several organizations, both commercial and nonprofit, are already working to provide tools for assessing HIPAA compliance as well as tools for implementing HIPAA-compliant solutions to existing practices. Depending on your organization's status and current practices, there could be great variation in what must be done to achieve HIPAA compliance, so assessing your baseline HIPAA compliance and then working to close the known gaps is a better approach than buying a plug-and-play "HIPAA application."
5. What role does CertSite play in the HIPAA arena?
CertSite is a member of nonprofit and trade organizations that are deeply involved with this legislation and our executive staff volunteer in task forces directed at assessing and implementing HIPAA compliance in healthcare organizations and healthcare business transactions.
CertSite is not in a position to bring your internal systems into HIPAA compliance. But what we can do, and pledge to do, is to conduct your UM-related transactions in a manner that is HIPAA compliant. Every aspect of our business, every transaction we process, will be covered by these Admin Simp rules and we therefore assume responsibility for making sure that when we handle your transaction, it is done in a HIPAA-compliant fashion. That, at least, will be one less thing for you to worry about.
Additionally, all CertSite users can make use of the CertSite messaging system. This system allows for secure, HIPAA-compliant communication between providers and payers. Messages are never sent as ordinary e-mail: they are stored on our secure server and are read and written only over an encrypted (SSL) connection, so message contents are protected while in transit between your browser and our server.
6. Where can I get more information?
There are several good sources for those interested in learning more:
These are just a small sampling of HIPAA-related information sites on the web. Over the next two years, as HIPAA comes to occupy more and more of the healthcare mindshare, there are certain to be a large number of informational sites.