HIPAA stands for the Health Insurance Portability and Accountability Act, which was enacted in 1996 to protect healthcare information and standardize electronic healthcare transactions.

Who is considered a covered entity under HIPAA?

Covered entities include healthcare providers who conduct electronic transactions, health plans, and healthcare clearinghouses.

Do I have to submit healthcare claims electronically?

HIPAA does not require electronic submission of claims, but if you conduct certain transactions electronically, you must use HIPAA standards.

What are the compliance deadlines for HIPAA?

Key compliance deadlines include April 14, 2003, for privacy requirements, and October 16, 2003, for electronic transactions and code sets.

What are the penalties for non-compliance with HIPAA?

Penalties can include civil monetary fines and criminal penalties for knowingly violating HIPAA rules.

How can I determine if I am a covered entity?

You can determine if you are a covered entity by assessing if you conduct electronic transactions as defined by HIPAA.

What resources are available for HIPAA compliance?

Resources include the CMS HIPAA website, HIPAA hotlines, and provider readiness checklists.

What is the role of designated standards maintenance organizations (DSMO)?

DSMO are organizations that maintain and develop standards for HIPAA compliance.

What is direct data entry (DDE)?

DDE refers to entering data directly into a health plan's computer system using terminals or browser screens.

What is the purpose of HIPAA's administrative simplification provisions?

The provisions aim to streamline healthcare transactions, reduce costs, and protect patient information.

HIPAA 101: The Basics of HIPAA Administrative Simplification

00:43:06

https://www.youtube.com/watch?v=ahEW1xEKz0Y

Ringkasan

TLDRThe video outlines the basics of HIPAA's administrative simplification provisions, focusing on electronic healthcare transactions and code sets standards. It covers the history of HIPAA, compliance requirements for covered entities, and the importance of standardization in healthcare transactions. The video also discusses enforcement of HIPAA rules, compliance deadlines, and available resources for further information. Key areas include electronic transactions, unique identifiers, privacy, and security standards, emphasizing the need for healthcare providers to comply with these regulations to ensure efficient and secure handling of health information.

Takeaways

📜 HIPAA was enacted in 1996 to protect health information.
💻 Covered entities must comply with electronic transaction standards.
🔍 Compliance deadlines vary for different provisions of HIPAA.
📅 Key compliance dates include April 14, 2003, and October 16, 2003.
🔒 HIPAA mandates privacy and security standards for health information.
📞 Resources like the CMS HIPAA website provide valuable information.
🛠️ Designated standards maintenance organizations help maintain HIPAA standards.
📊 Direct data entry (DDE) allows providers to input data directly into health plans.
💡 Understanding your status as a covered entity is crucial for compliance.
⚖️ Non-compliance can lead to significant penalties.

Garis waktu

00:00:00 - 00:05:00
The program introduces HIPAA administrative simplification, focusing on electronic healthcare transactions and code sets standards. It aims to clarify HIPAA's history, benefits, compliance requirements, and enforcement mechanisms, while addressing common questions about HIPAA.
00:05:00 - 00:10:00
HIPAA, enacted in 1996, aims to protect healthcare benefits and standardize transactions, enhancing efficiency and reducing costs. The second title of HIPAA focuses on administrative simplification, which includes electronic transactions, unique identifiers, privacy, and security standards.
00:10:00 - 00:15:00
The administrative simplification standards apply to healthcare clearinghouses, health plans, and certain healthcare providers. A transaction is defined as the electronic exchange of information for healthcare-related activities, with specific standards established for various types of transactions.
00:15:00 - 00:20:00
HIPAA's provisions were implemented through regulations with varying compliance deadlines. The final rule for electronic transactions was issued in 2000, with compliance required by 2002, later extended for some entities. HIPAA does not mandate electronic claims submission but requires compliance with standards if electronic transactions are conducted.
00:20:00 - 00:25:00
Small healthcare providers are not exempt from HIPAA; they are considered covered entities if they transmit designated transactions electronically. Compliance deadlines for privacy provisions and unique identifiers are outlined, with specific dates for small health plans.
00:25:00 - 00:30:00
The final rule for security standards was published in 2003, requiring covered entities to implement security procedures for electronic health information. Compliance dates vary for small health plans, and resources for compliance are available on the CMS website.
00:30:00 - 00:35:00
Covered entities must assess their status, identify communication methods, and evaluate business processes for HIPAA compliance. Testing and coordination with trading partners are crucial steps, along with establishing agreements for HIPAA-compliant transactions.
00:35:00 - 00:43:06
CMS enforces HIPAA provisions, focusing on compliance and providing technical assistance. Penalties for non-compliance include civil and criminal penalties, with an emphasis on helping entities achieve compliance before imposing penalties.

Tampilkan lebih banyak

Peta Pikiran

Video Tanya Jawab

What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act, which was enacted in 1996 to protect healthcare information and standardize electronic healthcare transactions.
Who is considered a covered entity under HIPAA?
Covered entities include healthcare providers who conduct electronic transactions, health plans, and healthcare clearinghouses.
Do I have to submit healthcare claims electronically?
HIPAA does not require electronic submission of claims, but if you conduct certain transactions electronically, you must use HIPAA standards.
What are the compliance deadlines for HIPAA?
Key compliance deadlines include April 14, 2003, for privacy requirements, and October 16, 2003, for electronic transactions and code sets.
What are the penalties for non-compliance with HIPAA?
Penalties can include civil monetary fines and criminal penalties for knowingly violating HIPAA rules.
How can I determine if I am a covered entity?
You can determine if you are a covered entity by assessing if you conduct electronic transactions as defined by HIPAA.
What resources are available for HIPAA compliance?
Resources include the CMS HIPAA website, HIPAA hotlines, and provider readiness checklists.
What is the role of designated standards maintenance organizations (DSMO)?
DSMO are organizations that maintain and develop standards for HIPAA compliance.
What is direct data entry (DDE)?
DDE refers to entering data directly into a health plan's computer system using terminals or browser screens.
What is the purpose of HIPAA's administrative simplification provisions?
The provisions aim to streamline healthcare transactions, reduce costs, and protect patient information.

Lihat lebih banyak ringkasan video

Dapatkan akses instan ke ringkasan video YouTube gratis yang didukung oleh AI!

Teks

Gulir Otomatis:

00:00:00
[Music]
00:00:16
hello and welcome to the Centers for
00:00:19
Medicare and Medicaid Services program
00:00:21
on the basics of HIPAA administrative
00:00:24
simplification I'm Valerie Hart and I'm
00:00:27
joined by John Young and will be your
00:00:29
guides as we review the information you
00:00:32
need to know about HIPAA and complying
00:00:34
with its administrative simplification
00:00:36
provisions specifically the electronic
00:00:39
healthcare transaction and code sets
00:00:41
standards this program is designed to
00:00:44
help you understand the history of HIPAA
00:00:45
and its benefits for you unsure whether
00:00:48
you're a covered entity will show you
00:00:50
how to find out then we'll cover the
00:00:52
standards that have been adopted for
00:00:54
electronic transactions and code sets
00:00:56
you'll find out why the designated
00:00:58
standards maintenance organizations may
00:01:00
be important to you you will also learn
00:01:02
about some of the steps you need to take
00:01:04
become compliant with the administrative
00:01:05
simplification provisions of HIPAA we'll
00:01:08
also touch on how HIPAA rules and
00:01:10
deadlines will be enforced we'll also
00:01:12
share the answers to some of the HIPAA
00:01:14
questions that we have received and show
00:01:16
you how to get more information about
00:01:18
HIPAA
00:01:20
you
00:01:24
Congress passed the Health Insurance
00:01:26
Portability and Accountability Act in
00:01:29
1996 in addition to creating consumer
00:01:33
protection for healthcare benefits the
00:01:35
portability part of HIPAA Hippo will
00:01:38
standardize financial and administrative
00:01:40
health transactions for the public and
00:01:43
private sectors increased speed and
00:01:45
efficiency cut the cost of delivering
00:01:48
health care services and set minimum
00:01:52
standards of protection for the storage
00:01:54
use and transfer of protected health
00:01:57
information
00:01:58
in short HIPAA puts the force of law
00:02:01
behind the adoption of standards the
00:02:03
HIPAA statute has five titles the second
00:02:07
title contains the administrative
00:02:08
simplification provisions and is the one
00:02:11
we will focus on today there are four
00:02:14
main areas that comprise administrative
00:02:17
simplification the first is electronic
00:02:20
transactions and code sets HIPAA adopts
00:02:23
and requires the use of uniform national
00:02:25
standards and requirements for
00:02:27
conducting electronic health care
00:02:29
transactions the second area is the
00:02:33
unique identifier HIPAA requires
00:02:36
establishing and assigning a standard
00:02:38
identifier that providers health plans
00:02:41
and employers will use for every
00:02:43
electronic healthcare transaction the
00:02:46
third is privacy under HIPAA covered
00:02:49
entities must implement standards to
00:02:52
protect and guard against the misuse of
00:02:55
individually identifiable health
00:02:57
information the final area is security
00:03:01
HIPAA addresses how electronic health
00:03:04
information is stored transmitted and
00:03:06
accessed
00:03:07
[Music]
00:03:13
the administrative simplification
00:03:15
standards adopted by the Secretary of
00:03:18
the Department of Health and Human
00:03:19
Services under HIPAA applies to all
00:03:21
health care clearing houses all health
00:03:24
plans those health care providers that
00:03:27
conduct certain transactions in
00:03:28
electronic form or use a billing service
00:03:31
to conduct transactions on their behalf
00:03:33
if you meet one or more of these
00:03:35
criteria you are a covered entity and
00:03:38
must comply with the administrative
00:03:39
simplification requirements of HIPAA we
00:03:42
have mentioned transactions a lot
00:03:43
exactly what is a transaction a
00:03:46
transaction is the electronic
00:03:48
transmission of information between two
00:03:50
parties to carry out financial or
00:03:52
administrative activities related to
00:03:54
health care electronic transaction
00:03:57
standards have been developed for the
00:03:59
following exchanges of information
00:04:01
healthcare claims or equivalent
00:04:03
encounter information healthcare payment
00:04:06
and remittance advice healthcare claim
00:04:09
status eligibility inquiry referral
00:04:13
certification and authorization
00:04:15
enrollment and disenrollment in the
00:04:18
health plan health plan premium payment
00:04:21
coronation of benefits claims attachment
00:04:25
standards forthcoming and first report
00:04:28
of injury standards forthcoming what do
00:04:32
we mean by electronic the term
00:04:34
electronic is used to describe moving
00:04:37
healthcare data via the internet and
00:04:39
extranet leased lines dial-up lines such
00:04:44
as direct data entry or dde private
00:04:48
networks point of service and health
00:04:51
data that is physically moved from one
00:04:53
location to another using magnetic tape
00:04:56
disk or CD media faxes sent using a
00:05:00
dedicated fax machine as opposed to
00:05:02
faxing from a computer and voice
00:05:03
response units on phones are not subject
00:05:06
to the transaction standards but may
00:05:08
have to meet privacy and security
00:05:10
standards now let's catch up with
00:05:12
another special term and define direct
00:05:15
data entry or dde in some more detail
00:05:18
with dde remote user keys data directly
00:05:21
into a health plans computer using dumb
00:05:24
terminals or computer browser screens
00:05:27
health plans can give providers the
00:05:28
option to use dde but are not obligated
00:05:31
to do so
00:05:39
in this segment we get back to more of
00:05:41
the details of administrative
00:05:42
simplification
00:05:43
although HIPAA was enacted in 1996 each
00:05:47
of the provisions of administrative
00:05:49
simplification are set in motion through
00:05:51
the issuing of proposed and final
00:05:53
regulations thus each part of
00:05:55
administrative simplification has
00:05:57
different effective dates and different
00:05:59
compliance deadlines we'll review them
00:06:02
in the next section the final rule for
00:06:05
electronic transactions and code set
00:06:07
standards was issued in August 2000
00:06:10
compliance with this rule was required
00:06:12
by October 16th 2002 the large health
00:06:15
plans health care providers and health
00:06:18
care clearing houses however Congress
00:06:21
realized that many covered entities
00:06:23
would not be ready to comply with that
00:06:25
date so in December of 2001 it passed
00:06:29
legislation that became public law 1:07
00:06:32
- 1:05 also known as the administrative
00:06:36
simplification Compliance Act or Aska
00:06:38
for short which amended HIPAA and
00:06:41
granted a one-year compliance extension
00:06:43
to October 16th 2003 under certain
00:06:46
conditions that extension was available
00:06:49
to covered entities scheduled to become
00:06:52
compliant in 2002 provided the covered
00:06:55
entity submitted a compliance extension
00:06:57
plan to CMS by October 15 2002 small
00:07:02
health plans with receipts of less than
00:07:04
5 million dollars have always had until
00:07:06
October 16 2003 to comply and the
00:07:09
compliance date was not affected by the
00:07:11
extension covered entities that filed
00:07:15
for an extension are required to begin
00:07:17
their internal testing by April 16 2003
00:07:21
does HIPAA require that I submit my
00:07:23
healthcare claims electronically
00:07:26
HIPAA does not require that you submit
00:07:28
healthcare claims electronically what it
00:07:31
does require is that if you conduct
00:07:33
certain transactions electronically you
00:07:35
must use the HIPAA standards and there's
00:07:38
another important element of Aska it
00:07:41
requires that most Medicare claims
00:07:43
submitted after October 16 2003 be
00:07:47
submitted electronically there will be
00:07:49
exceptions to this requirement for
00:07:52
example you
00:07:53
we'll be able to continue to submit
00:07:54
paper claims if there is no method
00:07:56
available for submitting them
00:07:58
electronically also regardless of
00:08:01
whether an electronic claim format is
00:08:03
available small providers of services or
00:08:06
supplies can continue to use paper small
00:08:10
providers are defined by Aska as a
00:08:12
physician practitioner facility or
00:08:15
supplier other than provider of services
00:08:17
with fewer than 10 full-time equivalent
00:08:20
employees or a provider of services with
00:08:24
fewer than 25 full-time equivalent
00:08:26
employees there may be additional
00:08:29
exceptions regulations clarifying the
00:08:32
exceptions to the Medicare electronic
00:08:34
billing requirements will be issued if
00:08:36
you are a provider and believe you
00:08:39
qualify for an exception you should
00:08:41
continue to build Medicare via paper
00:08:44
there's currently no mechanism in place
00:08:46
to request a waiver of these
00:08:48
requirements so please be patient and
00:08:50
wait for the regulations to be issued
00:08:53
it's time to hear one of the HIPAA
00:08:55
questions that we received I'm a small
00:08:58
healthcare provider
00:08:59
I've heard that I'm excluded from HIPAA
00:09:00
is that true no small providers are not
00:09:04
excluded from HIPAA the size of the
00:09:07
healthcare providers office does not
00:09:09
exempt them from HIPAA if a healthcare
00:09:12
provider transmits any of the designated
00:09:14
transactions electronically they are
00:09:16
considered a covered entity and are
00:09:19
subject to the administrative
00:09:20
simplification provisions of HIPAA
00:09:23
Thanks
00:09:24
now let's move on to the compliance
00:09:27
dates for the other key components of
00:09:29
administrative simplification the final
00:09:32
rule for HIPAA privacy was published in
00:09:34
December of 2000 with final
00:09:36
modifications published August 14th 2002
00:09:39
they set the compliance date of April
00:09:42
14th 2003 for all covered entities
00:09:44
except small health plans remember even
00:09:48
if you got the one-year extension for
00:09:49
meeting the electronic transactions and
00:09:51
code sets requirements you still must
00:09:54
meet all deadlines for compliance with
00:09:56
the deadlines for the privacy provisions
00:09:58
or any of the other HIPAA administrative
00:10:01
simplification provisions April 14th
00:10:04
2004 is the privacy complying
00:10:07
stay for small health plans the standard
00:10:10
unique identifiers mandated by HIPAA
00:10:13
include the following the national
00:10:15
employer identifier the national
00:10:18
provider identifier and the national
00:10:21
health plan identifier the final
00:10:23
regulation said specify the national
00:10:25
employer identifier were published in
00:10:28
May 2002 the rules adopt the employer
00:10:31
identification number or ein an existing
00:10:35
identifier already issued by the
00:10:37
Internal Revenue Service as the national
00:10:40
employer identifier for use in
00:10:42
healthcare transactions the use of this
00:10:45
identifier will improve the Medicare and
00:10:47
Medicaid programs and the effectiveness
00:10:50
and efficiency of the health care
00:10:51
industry in general by simplifying the
00:10:54
administration of the system and
00:10:56
enabling the efficient electronic
00:10:59
transmission of certain health
00:11:00
information all covered entities accept
00:11:04
small health plans must comply with the
00:11:07
national employer identifier standards
00:11:09
by July 30th 2004 small health plans
00:11:13
must comply by August 1st 2005 as of
00:11:18
December 2002 the final regulations for
00:11:21
the national provider identifier are
00:11:23
still pending and the rule for the
00:11:25
national health plan identifier has not
00:11:28
been released
00:11:29
On February 20th 2003 the Department of
00:11:33
Health and Human Services published the
00:11:34
final rule for security standards for
00:11:36
electronic protected health care
00:11:38
information this rule specifies a series
00:11:41
of administrative technical and physical
00:11:43
security procedures for covered entities
00:11:46
to use to assure the confidentiality of
00:11:48
electronic protected health information
00:11:51
the security compliance dates are April
00:11:53
21st 2005 in April 21st 2006 for small
00:11:58
health plans please visit the CMS
00:12:01
website for current information about
00:12:02
security that site is WW CMS HHS govt /
00:12:11
HIPAA slash HIPAA - will provide a list
00:12:15
with this address and other helpful web
00:12:17
addresses at the end of the program
00:12:20
or we move on let's review each of the
00:12:22
three covered entity categories in more
00:12:24
detail to help you determine if you are
00:12:26
a covered entity let's start with
00:12:29
providers how do you know if you or your
00:12:32
business is a covered healthcare
00:12:33
provider all healthcare providers that
00:12:36
conduct any electronic transactions for
00:12:39
which the Secretary of the Department of
00:12:40
Health and Human Services has adopted
00:12:42
standards are covered entities this
00:12:45
includes providers who use a billing
00:12:47
service or a clearinghouse this includes
00:12:50
hospitals clinics nursing homes
00:12:52
positions suppliers and others that
00:12:56
furnish bill or receive payments for
00:12:58
health care services in the normal
00:13:00
course of business if you use another
00:13:03
entity such as a clearinghouse to
00:13:05
conduct covered transactions in
00:13:07
electronic form on your behalf you are
00:13:09
considered to be conducting the
00:13:11
transaction in electronic form and thus
00:13:13
you are a covered entity now how do you
00:13:17
determine if your business is a covered
00:13:19
healthcare clearinghouse if your
00:13:22
business processes or facilitates the
00:13:24
processing of health information from
00:13:26
non-standard formats to standard formats
00:13:29
and vice versa you are considered a
00:13:32
clearinghouse and thus a covered entity
00:13:34
clearinghouse services may be provided
00:13:36
by many types of organizations including
00:13:40
billing services repricing companies or
00:13:43
in some cases banks finally how do you
00:13:46
determine if your private benefit plan
00:13:48
or government-funded program is a health
00:13:50
plan a health plan is broadly defined as
00:13:53
an individual or group plan that
00:13:55
provides or pays the cost of medical
00:13:57
care for private benefit plans in
00:14:00
general it is considered health plan if
00:14:02
the plan is health insurance issuer a
00:14:05
group health plan and insurer of a
00:14:08
Medicare supplemental policy an HMO or a
00:14:12
multi-employer welfare benefit plan
00:14:15
long-term care policies in addition to
00:14:17
other policies are covered however
00:14:20
nursing home fixed and M&D policies are
00:14:22
not there is an important exception to
00:14:25
that definition if the plan is a group
00:14:28
health plan that has fewer than 50
00:14:30
participants
00:14:31
and is self-administered then it is not
00:14:34
considered a health plan remember HIPPA
00:14:38
gave small health plans an additional
00:14:40
year to comply with the HIPAA
00:14:42
transaction and code set standards so
00:14:45
what exactly is a small plan a small
00:14:48
health plan is defined as having annual
00:14:50
receipts of five million dollars or less
00:14:53
annual receipts means total income or
00:14:56
gross income plus cost of goods sold as
00:14:59
these terms are defined or report it on
00:15:01
IRS federal tax return forms health
00:15:05
plans that do not report receipts to the
00:15:07
IRS such as ERISA group health plans
00:15:09
exempt from filing income tax returns to
00:15:12
use proxy measures to determine their
00:15:14
annual receipts fully insured health
00:15:17
plans should use the amount of total
00:15:19
premiums which they paid for health
00:15:21
insurance benefits during the plans last
00:15:23
full fiscal year self-insured plans both
00:15:27
fund it and unfund it to use the total
00:15:30
amount paid for healthcare claims by the
00:15:31
employer plan sponsor or benefit fund as
00:15:35
applicable to their circumstances on
00:15:37
behalf of the plan during the plans last
00:15:39
fiscal year these plans that provide
00:15:42
health benefits through a mix of
00:15:44
purchased insurance and self insurance
00:15:46
combined the proxy measures to determine
00:15:49
the total annual receipts finally most
00:15:53
government funded programs are
00:15:54
considered health plans this includes
00:15:57
Medicare Medicare plus choice Medicaid
00:16:01
state children's health insurance
00:16:02
program TRICARE Indian Health Service
00:16:06
veteran's health care program and the
00:16:09
Federal Employees Health Benefit program
00:16:11
however government-funded programs other
00:16:15
than those listed above are not health
00:16:17
plans if their primary purpose is other
00:16:20
than paying for or providing care or if
00:16:23
their principal activity is the direct
00:16:25
provision of health care or making
00:16:28
grants to fund health care remember if
00:16:31
you are covered entity you are
00:16:34
responsible for complying with the rules
00:16:36
and regulations of administrative
00:16:38
simplification including meeting all
00:16:40
compliance deadlines of each of the
00:16:43
provisions
00:16:45
if you still have questions about how to
00:16:46
determine if you are covered entity you
00:16:49
can visit the CMS website at the address
00:16:52
on the screen and follow the covered
00:16:54
entity flow chart decision tool okay so
00:16:59
let's say you've determined that you are
00:17:00
covered entity in segment two we briefly
00:17:04
touched on the HIPAA transactions now
00:17:07
let us clarify the transactions and code
00:17:09
set standards that covered entities must
00:17:11
use let's listen to another HIPAA
00:17:16
question on the health care provider am
00:17:19
I allowed to submit claims both
00:17:21
electronically and by paper under HIPAA
00:17:24
a provider has the option for any
00:17:27
transaction to conduct it electronically
00:17:29
or on paper HIPAA does not require that
00:17:33
you choose one method however if you
00:17:36
choose to conduct electronic
00:17:37
transactions you must use the HIPAA
00:17:40
transactions and code sets also once a
00:17:43
provider uses an electronic transaction
00:17:45
you become a covered entity and subject
00:17:48
to the privacy rules also keep in mind
00:17:50
that after October 16th 2003 Medicare
00:17:55
will only accept paper claims under
00:17:57
limited circumstances
00:18:03
PIPA mandates the use of national
00:18:06
standards for the electronic transfer of
00:18:08
certain health care data between
00:18:10
healthcare providers health plans health
00:18:12
care clearing houses it replaces many
00:18:15
non-standard formats with a single set
00:18:17
of electronic standards to be used
00:18:19
throughout the US healthcare industry
00:18:22
standards have been developed for eight
00:18:24
of the ten transactions we'll review
00:18:26
these in a moment not every covered
00:18:29
entity will conduct all of these
00:18:31
transactions for instance health care
00:18:34
providers would not engage in enrollment
00:18:36
or disenrollment
00:18:37
in a health plan for each of the
00:18:39
transaction standards
00:18:41
there is also an Associated
00:18:43
implementation guide implementation
00:18:45
guides can be thought of as big recipe
00:18:48
books which provide detailed technical
00:18:50
specifications that explain how to build
00:18:53
a standard transaction this includes
00:18:56
format specifications content
00:18:59
specifications and certain code sets
00:19:02
these guides define the data elements
00:19:04
that are required for electronic
00:19:06
transactions implementation guides
00:19:09
provide important information for an
00:19:11
information technology group or vendor
00:19:14
that handles electronic claims
00:19:15
submission while many covered entities
00:19:18
may never need to look at an
00:19:20
implementation guide it is important to
00:19:22
know that they exist software vendors
00:19:26
may rely on these to update your billing
00:19:28
software these guides may be downloaded
00:19:31
for free from the website on your screen
00:19:35
providers should also contact their
00:19:37
payers and inquire whether they have
00:19:40
companion guides available to accompany
00:19:42
the implementation guides if available
00:19:45
companion guides can provide additional
00:19:47
information that is helpful in
00:19:49
interpreting the implementation guides
00:19:52
now let's return to the specific
00:19:54
standards that have been adopted for
00:19:56
each of the eight transactions
00:19:57
please note that health care providers
00:19:59
should mainly concern themselves with
00:20:01
the first five transactions as the other
00:20:04
ones may not apply to them the
00:20:07
regulation adopted what is commonly
00:20:09
referred to as the ASC x12 and 837
00:20:12
format for healthcare claims and
00:20:15
coordination of benefits
00:20:17
professional institutional and dental
00:20:19
claims this format and many of the other
00:20:22
adopted standards have been developed
00:20:23
and maintained by x12 standards
00:20:25
development organization who has been
00:20:27
accredited by the american national
00:20:29
standards institute as the standards
00:20:31
organization for many electronic
00:20:33
transactions for retail pharmacy drug
00:20:36
claims the regulation adopted the NCPDP
00:20:39
telecommunication version 5.1 and batch
00:20:42
standard 1.1 for healthcare payment and
00:20:45
remittance advice the regulation adopted
00:20:48
ASC x12 and 835 currently many providers
00:20:53
spend precious time reconciling
00:20:55
submitted claims with the paper
00:20:57
remittance advice under HIPAA providers
00:21:01
can get electronic remittance advices
00:21:03
from health plans and their practice
00:21:05
management systems can auto post them in
00:21:08
essence you'll be able to conduct claims
00:21:11
accounting without wasting staff time
00:21:14
for health claim status the regulation
00:21:17
adopted ASC x12 in 276 and 277 office
00:21:23
staff who have been spending time on
00:21:24
hold calling a health plan to check on
00:21:26
the status of a claim will now be able
00:21:28
to electronically request claim status
00:21:30
information and get the answer without
00:21:32
using the phone for eligibility for
00:21:35
health plan Hiep adopted ASC x12 in 270
00:21:40
and 271 for health care eligibility
00:21:43
benefit inquiry response under HIPAA
00:21:47
providers should have fewer worries
00:21:48
about getting correct eligibility
00:21:50
information quickly for referral
00:21:52
certification and authorization the
00:21:54
transaction standard adopted is ASC x12
00:21:57
in 278 for healthcare services review or
00:22:01
request for review and response this
00:22:04
transaction is to allow providers to
00:22:06
electronically ask for permission from
00:22:07
the health plan to refer their patients
00:22:09
to other providers or to perform
00:22:11
additional procedures for enrollment and
00:22:15
disenrollment in a health plan HIPAA
00:22:17
adopted ASC x12 and 834 for benefit
00:22:23
enrollment and maintenance for health
00:22:25
plan premium payments the transaction
00:22:27
standard is ASC x12 and 824 payment
00:22:32
order remittance advice now that you
00:22:36
know what the HIPAA standards are you
00:22:38
might be wondering where they came from
00:22:40
HIPAA requires the Secretary of the
00:22:42
Department of Health and Human Services
00:22:43
to adopt standards that were developed
00:22:45
by private sector standard development
00:22:47
organizations the ASC x12 organization
00:22:51
maintains the standards and the National
00:22:54
Council for prescription drug programs
00:22:56
or NCPDP maintains the telecommunication
00:22:59
and batch standards and they can be
00:23:01
found at WWE NCPDP org in addition to
00:23:08
standard transactions the HIPAA
00:23:10
regulation also requires the use of
00:23:12
standard code sets here are the code
00:23:14
sets adopted in the final rule for
00:23:17
diagnosis and procedure codes HIPAA
00:23:19
adopted icd-9-cm that stands for
00:23:24
international classification of diseases
00:23:26
ninth revision clinical modification
00:23:30
versions 1 & 2 are maintained by the
00:23:32
Centers for Disease Control in DHHS
00:23:35
while version 3 is maintained by CMS for
00:23:40
services provided by physicians and
00:23:42
other professionals CPT 4 was adopted
00:23:46
CPT stands for current procedure
00:23:48
terminology and is maintained and
00:23:51
copyrighted by the American Medical
00:23:52
Association hit picks stands for
00:23:56
healthcare common procedure coding
00:23:57
system and is maintained by CMS these
00:24:01
codes are for products supplies and
00:24:03
services not included in the CPT four
00:24:05
codes the code stands for code on dental
00:24:09
procedures and nomenclature and is
00:24:12
maintained and copyrighted by the
00:24:14
American Dental Association finally NDC
00:24:19
stands for national drug code which is
00:24:22
used by retail pharmacies and is
00:24:24
maintained by the Food and Drug
00:24:26
Administration in DHHS the transactions
00:24:30
and code set regulation adopted these
00:24:31
first sets of HIPAA standards it also
00:24:34
created a process to allow anyone to
00:24:36
request a change in the standards six
00:24:39
organizations known as designated
00:24:41
standards maintenance organizations or
00:24:43
des
00:24:43
those were designated by the Secretary
00:24:46
of DHHS and have agreed to work together
00:24:48
to collect requests for changes to HIPAA
00:24:50
standards evaluate the requests and
00:24:53
suggestions to the standards for the
00:24:55
Secretary's consideration the six desmos
00:24:58
are the accredited standards committee
00:25:00
x12 health level 7 Inc the National
00:25:04
Council for prescription drug programs
00:25:06
the National uniformed billing committee
00:25:09
the National uniform claim committee and
00:25:12
the American Dental Association the
00:25:15
secretary may modify a standard or it's
00:25:18
implementation guides but no more
00:25:19
frequently than once every 12 months you
00:25:22
can find out more by going to the Dismal
00:25:24
website at WWF oedema org as always any
00:25:31
time you want to find out more
00:25:33
information about this or any other
00:25:35
HIPAA topic you can visit the CMS hippo
00:25:38
website in the next section we'll review
00:25:42
some steps you can take to help reach
00:25:44
HIPAA compliance
00:25:46
[Music]
00:25:51
this time for another question let's
00:25:54
listen I'm overwhelmed by HIPPA where do
00:25:57
I start watching this program is a great
00:26:01
start
00:26:01
visit the CMS website it contains many
00:26:05
helpful items the HIPAA provider
00:26:07
readiness checklist can help you get the
00:26:10
ball rolling also review the frequently
00:26:13
asked questions on the website we also
00:26:15
put HIPAA updates on our website so try
00:26:18
to get in the habit of checking it
00:26:20
monthly many of you might be wondering
00:26:22
just where to start with HIPAA in this
00:26:25
section will outline some key steps and
00:26:27
questions that covered entities should
00:26:29
be addressing to help reach compliance
00:26:31
with the electronic transactions and
00:26:33
code set standards while not
00:26:36
all-encompassing knowing where you stand
00:26:38
in relation to these steps and questions
00:26:40
should help you to better focus your
00:26:42
efforts in reaching compliance the first
00:26:45
step is HIPAA project planning assign
00:26:48
someone in your office as a HIPAA point
00:26:50
person if you haven't already done so
00:26:52
this person should be responsible for
00:26:54
all aspects of HIPAA and should have
00:26:56
access to the HIPAA decision-makers such
00:26:59
as the CEO the CFO and the CIO covered
00:27:03
entities have many ways to communicate
00:27:05
transactions and requests for
00:27:07
information you need to identify which
00:27:10
modes you use that are covered under
00:27:12
HIPAA such as diskettes direct data
00:27:15
entry or dde web-based or any other form
00:27:19
of EDI or electronic data interchange
00:27:22
paper telephone and faxing with a
00:27:25
dedicated fax machine as opposed to
00:27:27
faxing from a computer are not
00:27:29
considered electronic transactions under
00:27:31
HIPAA
00:27:32
have you identified all modes of
00:27:34
communication for all HIPAA covered
00:27:36
transactions have you identified who
00:27:38
your trading partners are what methods
00:27:41
do you use conduct HIPAA covered
00:27:43
transactions electronically your HIPAA
00:27:46
budget resources and contracts should be
00:27:48
reviewed the next step is evaluating the
00:27:52
impact on business processes and systems
00:27:55
some general points to consider include
00:27:57
have you assessed the business processes
00:28:00
for HIPAA impact of the process has been
00:28:03
prioritized for
00:28:04
contingency planning adopting the HIPAA
00:28:07
standard sets means the loss of local
00:28:10
codes as the impact of the loss of local
00:28:13
codes and adoption of standard codes on
00:28:16
your systems been assessed do you have a
00:28:19
plan for changing policies processes and
00:28:21
procedures as well as staff training to
00:28:24
accommodate the switch to standard codes
00:28:26
a system assessment in the form of a gap
00:28:29
analysis needs to be completed simply
00:28:32
put this means identifying where you
00:28:34
aren't ready or gaps between what you do
00:28:37
now and what you'll need to do under
00:28:39
HIPAA for providers the practice
00:28:42
management software vendor may be
00:28:43
responsible for all or part of gap
00:28:45
analysis points to consider as part of a
00:28:48
gap analysis include as a gap analysis
00:28:52
been performed on your systems or your
00:28:53
vendors systems have mandated standard
00:28:57
transactions been mapped as a system
00:29:00
assessment been completed in addition to
00:29:03
performing gap analyses health plans and
00:29:05
clearing houses need to need to review
00:29:07
and likely revise many of their internal
00:29:10
systems ensure that HIPPA codes fields
00:29:12
and field sizes are fully supported the
00:29:15
next step is validation and testing all
00:29:18
covered entities must perform testing
00:29:21
for providers focusing on key
00:29:24
transactions such as the claim
00:29:26
remittance advice and eligibility
00:29:28
transactions is important also if you
00:29:32
are testing with one payer you should
00:29:34
not assume that you are okay you need to
00:29:37
test with all of your payers remember
00:29:40
technical glitches can occur so be sure
00:29:42
to build in enough time the workgroup
00:29:45
and electronic data interchange and the
00:29:47
strategic national implementation
00:29:48
process or wedi snip has a suggested
00:29:52
seven step testing process that you can
00:29:55
follow as HIPAA does not specify how
00:29:56
testing should be conducted you can
00:29:59
visit wheaties website at the address on
00:30:01
your screen for more information and
00:30:04
remember testing must begin no later
00:30:06
than April 16th 2003 try to test early
00:30:10
and often as testing may take many
00:30:12
months the next step is coordinating
00:30:15
with their trading partners trading
00:30:17
partners include hell
00:30:18
plans billing services and clearing
00:30:21
houses with which you may conduct HIPPA
00:30:23
transactions here are some points to
00:30:25
consider have you contacted your trading
00:30:28
partners to determine their HIPAA
00:30:29
readiness our contracts in place with
00:30:32
vendors billing services or clearing
00:30:34
houses for HIPAA compliant transaction
00:30:36
services when will your vendor be
00:30:39
updating and sending you HIPAA compliant
00:30:41
software do you or your system vendor
00:30:44
have a schedule for design development
00:30:46
and implementation do you have a way to
00:30:49
track system modification status and
00:30:52
progress have you or your system vendor
00:30:55
decided on an overall approach to
00:30:57
achieving compliance is everyone aware
00:31:01
of the April 16th 2003 testing deadline
00:31:04
while trading partner agreements or TPAs
00:31:08
are not required by HIPAA these
00:31:10
agreements specify the communication
00:31:13
methods and specific processing and code
00:31:15
requirements not determined by the HIPAA
00:31:18
transaction implementation guides while
00:31:21
the HIPAA standards address data format
00:31:23
and content they do not address other
00:31:25
issues such as the method by which
00:31:27
trading partners can accept and send
00:31:30
transactions and many data elements are
00:31:33
considered situational which means they
00:31:36
are required as a given situation is met
00:31:39
however these sorts of issues are not
00:31:42
addressed in the standards and should be
00:31:44
outlined in a TPA some additional
00:31:47
questions to be asking include have
00:31:50
transmission methods been agreed upon
00:31:52
have situational data elements been
00:31:55
identified do you have the appropriate
00:31:58
implementation guides and companion
00:31:59
guides have you accepted the processing
00:32:03
and code requirements not determined by
00:32:04
HIPAA
00:32:05
[Music]
00:32:11
CMS has been designated by the Secretary
00:32:14
of DHHS to enforce all the hip
00:32:16
administrative simplification provisions
00:32:18
with the exception of the privacy
00:32:20
standards this includes transactions and
00:32:23
code set standards and security and
00:32:25
identifier standards after they are in
00:32:27
effect the office for civil rights or
00:32:30
OCR at DHHS is responsible for
00:32:33
enforcement of the privacy provisions
00:32:35
the enforcement process for both will be
00:32:38
primarily complaint driven thus the
00:32:41
process leading to any penalties will be
00:32:43
initiated primarily in response to an
00:32:46
external complaint filed against the
00:32:48
covered entity CMS will provide
00:32:51
opportunities for a covered entity to
00:32:53
demonstrate compliance or submit a
00:32:55
corrective action plan with the focus on
00:32:57
obtaining voluntary compliance through
00:32:59
technical assistance CMS will notify you
00:33:03
by letter only if a complaint is filed
00:33:05
against you at that time you will have
00:33:08
the opportunity to show compliance or to
00:33:10
submit a corrective action plan only if
00:33:13
you do none of these things with
00:33:14
consideration be given to invoking
00:33:15
penalties and what are the penalties
00:33:18
civil monetary penalties of not more
00:33:21
than $100 per violation capped at
00:33:24
$25,000 for each requirement or
00:33:26
prohibition that is violated criminal
00:33:30
penalties of up to fifty thousand
00:33:32
dollars in one year imprisonment for
00:33:34
knowingly obtaining or disclosing
00:33:36
individually identifiable health
00:33:38
information and violation of the HIPAA
00:33:40
rules up to $100,000 in five years
00:33:43
imprisonment if the violation is
00:33:45
committed under false pretenses and up
00:33:48
to two hundred and fifty thousand
00:33:50
dollars and ten years imprisonment if
00:33:52
the violation is committed with intent
00:33:53
to sell transfer or used for commercial
00:33:56
advantage personal gain or malicious
00:33:59
harm all criminal penalties are under
00:34:02
the jurisdiction of the Department of
00:34:03
Justice
00:34:04
[Music]
00:34:09
the enforcement aspect of administrative
00:34:12
simplification is still in the early
00:34:13
stages again
00:34:16
CMS's emphasis is on ensuring everyone
00:34:19
becomes compliant with the HIPAA
00:34:20
provisions while it's true that
00:34:22
penalties can be imposed the first
00:34:25
course of action will focus on providing
00:34:26
technical assistance aimed at helping an
00:34:29
entity reach compliance for the most
00:34:32
recent information with regard to
00:34:34
enforcement and other general areas of
00:34:36
HIPAA administrative simplification
00:34:38
visit the CMS website at WWF SG / /
00:34:48
HIPAA - to learn more about HIPAA and
00:34:51
privacy or privacy enforcement issues
00:34:54
visit OCR's website at WWE
00:35:04
now that we have provided you with an
00:35:07
introduction to HIPAA you may still be
00:35:09
wondering how the administrative
00:35:10
simplification provisions of HIPAA will
00:35:12
benefit you let's meet dr. Barbara Paul
00:35:15
CMS official practicing physician and
00:35:18
covered entity dr. Paul is the director
00:35:21
of quality measurement and health
00:35:23
assessment group at CMS thanks John
00:35:27
hello I'm Barbara Paul one of the many
00:35:29
practicing physicians who work at CMS as
00:35:32
I listen to this program I realized that
00:35:35
I had many of the same questions you
00:35:36
heard today as I navigate my way through
00:35:39
HIPAA I try to be patient with the
00:35:42
stresses and strains of transitioning
00:35:44
from the 400 different formats for
00:35:46
submitting claims currently in use today
00:35:49
what keeps me going and I hope will keep
00:35:52
you going as well is the prospect of
00:35:54
simpler more streamlined administrative
00:35:57
environment for physicians and the
00:35:58
healthcare industry overall John and
00:36:02
Valerie have already mentioned many of
00:36:03
the advantages of a HIPAA compliant
00:36:05
practice speedy determination of your
00:36:08
patient's eligibility giving you fewer
00:36:11
worries about what's covered in who to
00:36:12
bill the promise of prior authorization
00:36:16
and referral requests for your patients
00:36:17
in any health plan and much quicker
00:36:20
turnaround for these requests without
00:36:22
ever picking up the phone you'll also be
00:36:25
able to send in bills and batches or
00:36:27
online and get a speedy response from
00:36:29
your payer if they cannot be processed
00:36:32
thus physicians will be paid faster and
00:36:35
have fewer administrative hassles that
00:36:38
should translate into more time for
00:36:40
patient care another benefit is that
00:36:43
administrative simplification mandates
00:36:46
that health care entities implement a
00:36:48
set of standards that will be used by
00:36:50
all sectors of the healthcare industry
00:36:51
thus eliminating the use of local codes
00:36:55
this means that under HIPAA
00:36:57
your office will use the same set of
00:37:00
codes for the same procedure with all
00:37:02
health plans that you bill before HIPAA
00:37:05
you had to know which local code to bill
00:37:07
which health plan for the same service
00:37:10
thanks dr. Paul in general Hiep intends
00:37:14
to reduce the cost of administrative
00:37:16
operations to simplify the electronic
00:37:18
exchange of information and to prevent
00:37:21
unauthorized access to patient health
00:37:23
information your patients to see fast
00:37:26
responses to the concerns such as unpaid
00:37:28
bills or access to patient records and
00:37:31
this should serve to improve your
00:37:33
patient satisfaction with you it is time
00:37:37
for another HIPAA question my vendor
00:37:40
says they're handling everything so I
00:37:42
don't need to worry about HIPAA right
00:37:44
good question but you do need to worry
00:37:47
about HIPAA if you are a covered entity
00:37:50
you are ultimately responsible for
00:37:53
compliance not your vendor or anyone
00:37:55
else so it's important that you
00:37:57
understand the deadlines and details
00:37:59
about HIPAA and its impact on your
00:38:01
business and communicate often with your
00:38:04
payers software vendors billing service
00:38:06
or clearing houses to find out where
00:38:08
they are with HIPAA implementation in
00:38:11
our final segment we'll review important
00:38:14
facts from our program and tell you
00:38:17
about additional resources you can
00:38:18
access to find out more information
00:38:20
hipper
00:38:21
[Music]
00:38:27
by now you should have a better
00:38:29
understanding of the many aspects of
00:38:31
complying with HIPAA administrative
00:38:33
simplification provisions remember that
00:38:36
the next compliance date is April 14
00:38:39
2003 this is a deadline for meeting the
00:38:42
privacy requirements with the exception
00:38:45
of small health plans who have another
00:38:47
year then just two days later is the
00:38:50
testing deadline for all covered
00:38:52
entities who submitted a compliance
00:38:54
extension form compliance with the
00:38:57
electronic transactions and code set
00:39:00
standards for all covered entities
00:39:02
including small health plans is required
00:39:05
by October 16 2003 the compliance
00:39:10
deadline for privacy is April 14th 2004
00:39:13
for small health plans the compliance
00:39:17
date for national employer identifier is
00:39:19
July 30th 2004 for all covered entities
00:39:23
except small health plans small health
00:39:27
plans have until August 1st 2005 to
00:39:30
comply the compliance date for security
00:39:33
is April 21st 2005 for all covered
00:39:37
entities except small health plans small
00:39:40
health plans have until April 21st 2006
00:39:44
to comply to find out more information
00:39:47
about HIPAA administrative
00:39:49
simplification there are a number of
00:39:51
resources available the HIPAA hotline
00:39:54
number is available to answer your
00:39:55
questions
00:39:56
that number is 186 - 8 - 0 6 5 9 this
00:40:04
hotline can help you with your questions
00:40:06
about electronic transactions and code
00:40:08
sets unique identifier z' and security
00:40:11
please direct your privacy questions to
00:40:14
the HIPAA privacy hotline that number is
00:40:17
186 6 6 to 7 7 7 4 8 the CMS HIPAA
00:40:24
website is another good resource of
00:40:26
information it's updated frequently and
00:40:29
provides access to free tools and
00:40:31
information such as the covered entity
00:40:34
decision tool a provider readiness
00:40:36
checklist information on upcoming
00:40:39
conference calls and enforcement
00:40:41
information plus access to frequently
00:40:44
asked questions about HIPAA the address
00:40:47
is wwg ms HHS gov / HIPAA / HIPAA - for
00:41:01
more information on the HIPAA privacy
00:41:03
provisions visit WWH HS govt / OC r /
00:41:11
HIPAA this website includes privacy
00:41:15
guidance documents and sample business
00:41:17
associate contract provisions here are
00:41:20
some additional web resources that you
00:41:22
might find useful
00:41:24
[Music]
00:42:04
you
00:42:06
[Music]
00:42:14
we hope you have found the information
00:42:16
in this program helpful in your efforts
00:42:18
to comply with the administrative
00:42:19
simplification provisions of pepper
00:42:21
thank you for watching and remember to
00:42:24
check our website for the latest HIPPA
00:42:26
information
00:42:30
[Music]
00:43:00
you
00:43:02
[Music]