Health Information Portability and Accountability Act

Health Plans Covered

• HIPAA applies to self-funded group health plans, fully insured group health plans, individual health insurance policies, and comparable health coverage for high risk pools available in some states. States may also have additional protections that apply to health insurance coverage if you are in a fully insured group health plan or have individual health coverage.

  Fully insured group health plans would be employment-related health plans that provide benefits through insurance. Self-funded group health plans are employment-related group health plans that pay for coverage directly without purchasing health insurance. Individual health insurance policies are nonemployment related and sold to individual consumers. Some states also offer residents health coverage through a high-risk pool.

Health Care Access And Portability

• Title I addresses the availability of health insurance to individuals and groups. It prohibits some restrictions placed by certain health coverage on preexisting conditions and allows health coverage to refuse to provide benefits for preexisting conditions for the first 12 to 18 months, unless the consumer shows continuity of coverage. (29 U.S.C. §1181(a)(3)).

  Some long-term health plans, dental plans and vision plans are exempt from Title I.

Preventing Health Care Fraud

• Title II defines offenses relating to health and provides for civil and criminal penalties for violation of those offenses and applies to health plans, health care clearinghouses--an entity that processes individually identifiable health information for health plans or health providers--and to any health care provider who transmits health information in electronic form. As a result of Title II requirements, the U.S. Department of Health and Human Services (HHS) has established five rules: The Privacy Rule, the Transactions and Code Sets Rule, the Security Rule, the Unique Identifier Rule and the Enforcement Rule.

Patient Privacy And Electronic Records

• HHS issued the Privacy Rule to implement the privacy requirement in Title II of HIPAA. According to HHS, the Privacy Rule is intended to protect an individuals' health information "while allowing the flow of health information needed to provide and promote high quality health care." The rule defines and limits the circumstances under which a person's health information may be disclosed to certain entities.

  The Privacy Rule protects all "individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral." This includes past, present or future physical or mental health conditions and payment of health care that includes information, such as name, address, date of birth or Social Security Number that would identify the individual.

  The Transactions and Code Sets rule requires health providers to submit information electronically. This requires health care claims, billing, pharmacy, payment and benefits information to be submitted electronically.

  The Security Rule requires health plans, health care clearinghouses and health care providers to meet specific security standards to protect the information addressed in the Privacy Rule.

  The Unique Identifiers Rule requires providers to use a National Provider Indentifier (NPI). The NPI is a 10-digit number that must be on all information a health care provider submits electronically to a health plan or health care clearinghouse.

Enforcement

• The Enforcement Rule establishes civil penalties for any violation of HIPAA and the investigation of complaints regarding HIPAA violations.

  A health plan, health care clearinghouse, and health care provider may use and disclose protected health information, without a consumers authorization to the individual consumer, for the purposes of treatment and payment, and for limited purposes for research and public health information. For any other purpose, the patient's consent or authorization must be obtained.