Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act or HIPAA was enacted in 1996 by the U.S. Congress. This act was designed to help increase the efficiency and effectiveness of the health care system. There are 2 main parts to HIPAA: Title I and Title II.

Title I

Title I of Health Insurance Portability and Accountability Act focuses on regulating the scope and availability of group health insurance plans and some individual health insurance plans. Under this section, there is also a regulation of restrictions that can be placed by group plans for pre-existing conditions. Specifically, Title I states that group health plans can only refuse benefits for pre-existing conditions for 12 or 18 months, depending on enrollment. There are other exclusions and different rules to Title I. It can be a bit complex to put into layman’s terms. The complexity of HIPAA happens to be one of the major complaints about the new regulations, but as with any bureaucracy, complex language and numerous exceptions is to be expected.

Title II

Title II of Health Insurance Portability and Accountability Act is a bit more involved than Title I. Title II addresses penalties for failure to comply with HIPPA, along with regulations about electronic filing of medical reports and claims. Title II also addresses abuse and fraud within the health care system. There are five rules under Title II. These are the Privacy Rule, the Transactions Rule and Code Sets Rule, the Security Rule, the Unique Identifiers Rule and the Enforcement Rule.

The Privacy Rule addresses the disclosure of patient information. It provides regulations for how medical facilities, doctors, health insurance providers and other medical professionals should handle private patient information, as well as disclosure of such privacy protection to patients.

The Transactions Rule covers how claims are filed. It sets regulations that all medical claims must be filed electronically according to specific HIPPA regulations and rules. If health care providers fail to file claims correctly, then the claims will not be paid.

The Security Rule was devised to support the Privacy Rule. The Privacy Rule covers Protected Health Information or PHI and the Security Rule covers Electronic Protected Health Information or EPHI. This rule specifies three security safeguards that must be followed in order for the health care provider to be considered in compliance with HIPPA regulations. These three safeguards are administrative, physical and technical.

The Unique Identifiers Rule specifies that health care providers and other health care related professionals can only use the National Provider Identifier or the NPI to identify the healthcare provider in all transactions.

The Enforcement Rule of Health Insurance Portability and Accountability Act
sets penalties for the violation of HIPPA rules and regulations. It also establishes the way such violations will be investigated and handled.

Health Insurance Portability and Accountability Act can be difficult for the average person to understand. Many professionals within the health care system do not fully understand all the rules and regulations created by HIPPA. In time, HIPPA regulations will become the norm and will be fully responsible for ensuring that the health care system is an efficient system where standards are followed successfully. There will be less confusion and more cooperation between health care providers, health insurance companies and other health care professionals.