HIPAA Laws explained. What does HIPAA stand for and how the HIPAA Act affects Medical Billing and Coding. The Health Insurance Portability and Accountability Act (HIPAA or HIPAA Act) was passed by Congress in 1996. This act contains provisions to improve the portability (part of the namesake) of health insurance and protect the privacy and security of patient information.

HIPAA also include provisions to address the prevention of fraud and abuse, administrative simplification, adopt standards for electronic data exchange, and establish the medical savings account.

The HIPAA act is organized by five sub-groups or titles. Title’s I and II are the particular HIPAA laws which most affect on the health care reimbursement process for the medical billing specialist and coder.

Title I – Health Care Access, Portability, and Renewability.
Title I of the HIPAA law protects health insurance coverage for workers and their families to provide access to health care when changing jobs or loosing a job. It also limits restrictions by health plans on benefits and premiums for preexisting health conditions. Title I includes additional provisions to guarantee renewability in multiemployer plans and multiple employer welfare arrangements

Title II – Preventing Health Care Fraud and Abuse, Administrative Simplification, and Medical Liability Reform. 
Title II establishes security and privacy requirements for patient health information. It also sets standards for electronic health care transactions, the creation of national identifiers for providers, health insurance providers, employers, and patients. Adopting these standards will improve the efficiency and effectiveness of the nation’s health care system by encouraging the widespread use of electronic data interchange in health care.

The U.S. Department of Health and Human Services (DHHS) is responsible for developing and publishing implementation rules for HIPAA laws. Everyone affected by HIPAA must comply with the standards within two years of when adopted.

Fraud and Abuse: Establishes several fraud and abuse control programs and makes revisions to the current sanctions and criminal law. The DHHS Office of the Inspector General (OIG) bears the responsibility of investigating Medicare fraud and presenting the case for criminal or civil prosecution. Some of the more common types of fraud are un-bundling codes, receiving kickbacks, submitting claims for services not rendered, and falsifying medical records.

Administrative Simplification: In addition, Title II establishes standards for the protection and security of individually identifiable health information, and provides penalties for its wrongful disclosure.

  • Privacy – The Privacy Rule address the protection of patient Protected Health Information (PHI) and regulates the disclosure of this information. It is applicable to covered entities which includes providers and their employees and contractors, insurance carriers, and clearinghouses.
  • Security – The Security Rule applies primarily to electronic information and complements the privacy rule. There are three security safeguards required by the security rule; administrative, physical, and technical for which the rule sets standards.
  • EDI – Sets requirements for standard transaction formats and code sets for the electronic transmission of health information. This provision was supposed to take effect in 2003 but due to confusion and challenges incorporating these standards, CMS granted extensions and allowed leniency for those making an effort to comply.

Administrative simplification of HIPAA law also called for the establishment of unique identifiers for:

  • Insurance Companies – National Health PlanID
  • Providers – National Provider Identifier or NPI
  • Employers – National Standard Employer Identification Number or EIN
  • Patient – National Individual Identifier (on hold pending Congressional action)

Title III – Tax Related Health Provisions

Established medical savings accounts and increased the deduction for health insurance costs of self- employed individuals.

Title IV – Application and Enforcement of Group Health Plan Requirements.
Title IV addresses the application and enforcement of group health plan portability, access and renewability for those with pre-existing conditions, and modifies continuation of coverage requirements. It also clarifies continuation coverage requirements and includes COBRA clarification.

Title V – Revenue Offsets
Includes provisions related to company-owned life insurance and treatment of individuals who lose U.S. Citizenship for income tax purposes and repeals the financial institution rule to interest allocation rules.

HIPAA History
The History of HIPAA – What were the issues that led to the legislation. A response to several issues facing health care coverage, privacy, security, and fraud in the United States. HIPAA History Timeline .

HIPAA Software Program Requirements
What’s meant by medical billing HIPAA compliant software? Learn what features and considerations are important for billing compliant HIPAA medical software.

Medical Records Laws
Explains what medical records are and the medical records laws and the rights of patients. Description of HIPAA medical record policy with regard to privacy, security, ownership, and access of patient health records.

HIPAA Email Policy
Explains how the Privacy and Security Rules apply to email communications for patient protected health information.

The HITECH Act was created under the American Recovery and Reinvestment Act of 2009. This act establishes notification requirements on what DHHS defines as covered entities (providers and employees and contractors, insurance carriers, and clearinghouses, etc.), business associates, and vendors. If Protected Health Information is compromised, the HITECH Act establishes the requirements of those who are responsible for the information.

This link provides the gritty details of the HIPPA Law. Scroll down some when you reach the page.