HIPAA Summary
The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996. As part of the Act, Congress called for regulations promoting administrative simplification of healthcare transactions as well as regulations ensuring the privacy and security of patient information. The Act required Congress to enact laws implementing these goals by 1999. When Congress failed to do so, DHHS stepped in and began promulgating regulations. The regulations apply to what are called "covered entities": healthcare providers, health plans and healthcare clearinghouses that transmit any health information in electronic form in connection with a transaction covered under HIPAA. The regulations are made up of three distinct parts: transaction standards, privacy and security.
Transaction Standards: The transaction standards call for use of common electronic claims standards, common code sets and unique health identifiers. The rules became effective October 16, 2000, and providers originally had two years from that date to comply. DHHS moved the compliance date to October 2003 if a proper compliance plan is filed by October 2002. The OAHHS HIPAA taskforce has elected not to focus on the transaction standards.
Privacy Regulations: The privacy rules govern the release of individually identifiable health information. They specify how health providers must provide notice of privacy policies and procedures to patients, obtain consent and authorization for use of information, and explain how information is generally shared and how patients can access, inspect, copy and amend their own medical records. The privacy rules became effective in April 2001 and carry a compliance deadline of April 14, 2003. Key provisions for providers include:
- Notice of privacy practices and acknowledgement requirements
- Opt out provisions
- Minimum necessity requirement
- Administrative responsibilities
- Business associate obligations
Key provisions for patients include:
- Right to notice of hospital privacy
- Right to access records
- Right to accounting of disclosures
- Right to request amendment to records
- Right to request restriction of uses and disclosures
- Right to request restrictions communicating health information
Security Regulations: The security regulations dictate the kind of administrative procedures and physical safeguards covered entities must have in place to ensure the confidentiality and integrity of protected health information. These rules went into effect in April 2005.