Many people aren’t sure if their organization has to be HIPAA compliant. Find out if your organization should be following the HIPAA standards.
To understand who must be HIPAA compliant, you need to know a little of the background on HIPAA. The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to improve the portability and accountability of health insurance coverage for employees between jobs. This Act encouraged insurance companies and health care providers to work together to perform health insurance billing and transfers of information electronically.
Lawmakers recognized that there could be issues with electronic transactions of this nature because patient health information would be more vulnerable. Hence, the Privacy Rule was created to help protect the health information and the term “protected health information” (PHI) was coined. PHI includes individually identifiable health information; basically, it’s patient health information that is linked to an identifier. So, a patient’s name in combination with the medical office that he or she attends is one example of PHI.
A few years after the Privacy Rule was created and implemented, the Department for Health and Human Services (HHS) found that there were more issues arising in the health care industry that required further rulings. As more providers started implementing electronic health records, the Security Rule was created to protect electronic health information (ePHI). Slowly, over time, HIPAA has changed and transformed, but the beginning of it all revolved around electronic transactions.
Who has to be HIPAA Compliant?
HHS states that Health Plans, Health Care Clearinghouses, and Health Care Providers who conduct specific electronic transactions must be HIPAA compliant. These groups of organizations are collectively called Covered Entities. In 2009, when the HITECH Act passed, Business Associates also became responsible for HIPAA compliance like Covered Entities.
What is a Transaction?
The most defining requirement for HIPAA compliance is the electronic transactions. The Center for Medicare & Medicaid Services (CMS) defines transactions as:
• Claims and encounter information
• Payment and remittance advice
• Claims status
• Enrollment and disenrollment
• Referrals and authorizations
• Coordination of benefits
• Premium payment
What does that mean?
Essentially, that means that anyone who provides health care, but does not accept insurance, does not need to be HIPAA compliant. This is more often found in areas of alternative health like Chiropractors or Acupuncturists. Many psychologists or therapists don’t accept insurance either.
If you do accept insurance, you need to be HIPAA compliant, so get started today with HIPAAgps. We offer an easy, affordable, online HIPAA compliance tool that will help get you on your journey to HIPAA compliance.