HIT Workshop Day 3

Privacy Security Identifiers Transactions and Code Sets (TCS)

HIPAA Regulations
Health Insurance Portability and Accountability Act (HIPAA) regulations are divided into four Standards or Rules: (1) Privacy (2) Security (3) Identifiers (4) Transactions and Code Sets (TCS)

HIPAA Privacy Rule

HIPAA privacy rule
Broad federal regulation Adopted in 1996

HIPAA goals
Improve portability and continuity of health insurance Manage waste, fraud, and abuse of health care delivery Reduce costs and increase efficiency by standardizing the interchange of electronic data Protect the privacy of personal health records

HIPAA Privacy Rule Contd.

HIPAA privacy rule regulates:
Health care providers Health plans Health care clearinghouses Collectively called Covered Entities (CE)

Rule extends to Business Associates (BAs) of Covered Entities Business Associate Agreements
Contracts between CEs and BAs ensuring HIPAA is followed

Definitions
Business Associate (BA) A person or other entity that performs functions for a Covered Entity as defined by HIPAA. Covered Entities (CE) Health care providers, health plans, and health care clearinghouses covered by HIPAA. Transaction and Code Sets Rule (TCS) A HIPAA regulation that mandates consistent electronic interchange of PHI for all Covered Entities.

HIPAA Security Rule

Focuses on electronically transmitted or stored PHI
Known as ePHI

Narrower focus than the privacy rule Seeks to ensure Covered Entities provide certain administrative, physical, and technical safeguards for data

HIPAA Identifier Rule

Mandates all Covered Entities storing or transmitting ePHI have a National Provider Identifier (NPI)
Covered health care providers and all health plans and health care clearinghouses must use it. Not just physicians but facilities and other providers (ex. Nurse Practitioners) 10 digit number Replaces all other identification from Medicare, Medicaid, and other government programs

HIPAA Transaction and Code Sets Rule (TCS)

Mandates consistent electronic interchange of PHI Electronic data interchange for health care Technology is tested and proven from use in other industries Several standards exist
ANSI X.12 standard

TCS
Unlike the HIPAA Privacy Rule, which applies to protected health information (PHI) in "any form or medium," the TCS Rule covers only PHI in electronic form.

 The TCS Rule encompasses the following standard electronic transaction formats - Health Care Claims or equivalent encounter information (X12N 837) Eligibility for a Health Plan (X12N 270/271) Referral Certification and Authorization (X12N 278 for retail pharmacy) Health Care Claim Status (X12N 276/277) Enrollment and Disenrollment in a Health Plan (X12N 834) Health Care Payment and Remittance Advice (X12N 835) Health Plan Premium Payments (X12N 820) Coordination of Benefits (X12N 837 or NCPDP for retail pharmacy).

TCS-Standard Electronic Transaction Formats