HIPAA Q&A
[Editor’s note: This is the first in a series of periodic columns that will address specific questions related to implementation of the Health Insurance Portability and Accountability Act (HIPAA). Future columns will address business associate agreements, organized health care arrangements, peer review activities, and staff training. If you have questions regarding these areas or others, please send them to Sheryl Jackson, Same-Day Surgery, American Health Consultants, P.O. Box 740056, Atlanta, GA 30374. Fax: (404) 262-5447. E-mail: [email protected].]
Question: What are the deadlines for compliance with the HIPAA rules?
Answer: There are three sections of HIPAA, each with its own deadline, says Michael R. Callahan, partner and head of the HIPAA section for Katten, Muchin, Zavis, and Rosenman, a Chicago-based law firm. "April 14, 2003, is the deadline for complying with the privacy rule, and Oct. 15, 2003, is the date to be in full compliance with the transaction code sets," he says. The security rules still are up in the air, and at press time, they had not received final approval. Once approved, same-day surgery programs have two years to comply with the security rules, he adds.
"The difficulty with the unapproved security rules is that many of the security requirements overlap with privacy requirements, such as development of passwords to protect electronic patient information," Callahan points out. This overlap means that an organization must implement some security measures along with privacy measures, he explains. Many organizations are basing their policies and implementing new activities based upon the proposed security rules and hoping they don’t change significantly, he adds.
Question: Who must comply with HIPAA?
Answer: "Any health care provider, billing clearinghouse, or other vendor that submits claims electronically must comply with HIPAA," Callahan says. Even if you don’t handle everything electronically, if any part of your process is electronic, such as verifying coverage, you must implement measures to meet HIPAA requirements, he adds. For example, if your same-day surgery program submits claims information on paper to a billing company that subsequently files claims electronically, your same-day surgery program must comply with the standards.
Resources
For more information about compliance, contact:
• Michael R. Callahan, Partner, Head of HIPAA Section, Katten, Muchin, Zavis, Rosenman, 525 W. Monroe St., Suite 1600, Chicago, IL 60661-3693. Telephone: (312) 902-5634. Fax: (312) 902-1061. E-mail: [email protected].
For resources on compliance, contact:
• The Department of Health and Human Services’ Office of Civil Rights has released a new guidance document to address frequently asked questions about the medical privacy rule. Web: www.hhs.gov/ocr/hipaa/privacy.html.
• Workgroup for Electronic Data Interchange, 12020 Sunrise Valley Drive, Suite 100, Reston, VA 20191. Telephone: (703) 391-2716. Fax: (703) 391-2759. Web: www.wedi.org.
This is the first in a series of periodic columns that will address specific questions related to implementation of the Health Insurance Portability and Accountability Act.Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.