HIPAA FAQs*
*Frequently Asked Questions
What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996, which contains two basic sections. The first section, which has already been fully implemented, deals with portability of health insurance, and protecting the ability of people with current or pre-existing medical conditions to get health insurance.
The second section, Administrative Simplification, contains a number of sweeping changes aimed at:
- Improving the efficiency in health care delivery by standardizing electronic data interchange.
- Protecting confidentiality and security of health care data.
What are the three major rules of HIPAA?
The HIPAA administrative simplification rules are actually three different rules that each went through separate rule-making processes.
- Standardization of Electronic Transactions and Code Sets
- Standards for Protecting the Privacy of Patient Health Information
- Security Standards
These three rules essentially go hand in hand. Taken together with the public's comments, they are approximately 2,000 pages in length.
Standardization of Electronic Transactions and Code Sets
This rule simplifies and standardizes the exchange of patient information electronically by creating standard transaction forms. The effective date for this rule was October 16, 2002, with the option to file for a one-year extension to October 16, 2003.
Standards for protecting the Privacy of Patient Health Information
This rule protects the privacy of personal health information and places many administrative requirements designed to ensure privacy on health care providers. Examples of these requirements include providing your patient a Notice of your Privacy Practices, controlling physical access to patient information such as storing medical records in a secure place, developing written privacy policies and procedures, appointing a privacy officer, and having business associate contracts with your business associates. The compliance date for this rule was April 14, 2003.
Security Standards
This rule imposes standards for the security of all personal health information that is maintained electronically. The final rule was published on February 20, 2003. The compliance date is April 21, 2005.
When do I have to comply with these rules?
Your organization must implement all of the requirements of each of the rules by the following compliance dates:
- Transactions and Code Sets: October 16, 2002 (October 16, 2003, if you file for the one-year extension)
- Privacy Rule: April 14, 2003
- Security Rule: April 21, 2005
What should I be doing now to comply with HIPAA?
By now you should have all your Privacy policies and procedures fully in place. Your comprehensive privacy program should include:
- providing all your patients your Notice of Privacy Practices
- having each of your patients sign an Acknowledgement of Receipt of your Notice of Privacy Practices
- training all of your employees about the requirements of the HIPAA Privacy Rule
- keeping a record of business associate contracts (by now, you should have negotiated business associate contracts with each of your business associates)
- identifying all new business associates and negotiating business associate contracts with them
- conducting HIPAA-compliant electronic claims transactions
I don't have my privacy program in place; what should I do?
- AOPA HIPAA Compliance Guide
AOPA's HIPAA Compliance Guide was completed last May and is available for those who are still working on their compliance program. The Guide, which is on a CD, contains a complete discussion of the three HIPAA Rules, the required forms (Patient Consent, Patient Authorization, a sample Notice of Privacy Practices, a sample Business Associate Contract, Written Acknowledgment of Receipt of Notice of Privacy Practices), and the required Office Policies and Procedures. - AOPA HIPAA Security Guide
AOPA's HIPAA Security Guide features detailed explanation of the Security Standards as well as samples of all of the policies and procedures you will need to create and implement in order to meet these Standards. - Special Offer!
Buy AOPA's HIPAA Compliance Guide and HIPAA Security Guide together and save! - AOPA HIPAA Security Seminars
This seminar will help you comply with HIPAA's Security Rule and answer such questions as:- How do I perform a risk analysis of my computer information systems?
- How do I ensure that only authorized personnel have access to the electronic protected health information (E_PHI) stored on my computers?
- How do I create a contingency plan to protect the E-PHI stored on my computers in the event of an emergency?
- When are all of these requirements going into effect?
- O&P Almanac and AOPA in Advance
AOPA publishes in-depth articles on selected HIPAA topics and updates on HIPAA rules in the O&P Almanac and our members-only, biweekly newsletter, AOPA in Advance. Not an AOPA member? Join today and start receiving AOPA in Advance!
ABOUT AOPA | ADVERTISING | PRESS | HISTORY | MISSION | PRIVACY POLICY | SITE MAP
THE AMERICAN ORTHOTIC & PROSTHETIC ASSOCIATION
330 John Carlyle Street, Suite 200 • Alexandria, VA 22314 • Tele: (571) 431-0876 • Fax: (571) 431-0899 • info@AOPAnet.org
ALL CONTENTS COPYRIGHT 2000-2009 AMERICAN ORTHOTIC AND PROSTHETIC ASSOCIATION. ALL RIGHTS RESERVED.