Privacy
HIPAA Overview
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is composed of many rules that will impact all of us in one way or another.

The first Rule, Portability, is in place. It limits exclusions for preexisting conditions, prohibits discrimination against employees and dependents based on their health status, and guarantees renewability and availability of health coverage to employees and individuals. It does not require employers to offer health coverage or require plans to provide specific benefits and when employees change jobs, the new employer is not required to offer the same benefits the employee received under the previous health plan. The “Portability” portion has been in effect since 1996.
Administrative Simplification: An Industry-Wide Revolution

Part 2 of HIPAA focuses on Administrative Simplification. This set of rules is anything but simple, but portions of them are of high interest to consumers, healthcare providers, health plans and business partners. Administrative Simplification promises to make the business of healthcare easier to manage by mandating new standards and procedures that promote standardization and efficiency in the healthcare industry. Today’s healthcare industry relies more and more on advances in technology to help administer health care. But, changing the nation’s largest billing system hasn’t been easy. In 2003, healthcare expenditures are estimated to be nearly $1.6 trillion, but expected to grow to $3.2 trillion by 2012.

At a time when healthcare costs continue to skyrocket, the nation’s healthcare system had to change—and this change will affect all of us.

Other industries set a strong case for unified standards. You can use your ATM card to conduct financial transactions at any bank; your cars or trucks are manufactured in different parts of the world because manufacturers use one set of standards. You can purchase jewelry to cars and homes online, and soon, you’ll be able to conduct all your healthcare transactions with one card.

To establish a baseline, the universal system requires strict attention to patients' privacy (the Privacy Rule) and electronic security of health information (Security Rule). With those in place, the business of healthcare could begin transferring electronic files for billing purposes, using specifications spelled out in the Transactions and Code Sets Rule. Standard Identifiers will allow healthcare providers to use one specified identification code for all payers, rather than using 30 or 40 identifiers currently in place.

HHS Establishes Compliance Monitoring
In the Privacy Rule, HHS has delegated responsibility to educate and train patients and monitor their complaints to the Office for Civil Rights (OCR) (http://www.hhs.gov/topics/privacy.html). This means that HIPAA compliance will be primarily complaint driven. OCR will investigate those complaints, but it's more likely that plaintiff's attorneys will handle the majority of those complaints outside of OCR.

The Enforcement agencies for the Security Rule, Transactions and Code Sets, and the National Identifier Standards are the Centers for Medicare and Medicaid Services (CMS).

Non-compliance includes fines, business disruption, and in extreme cases, prison terms. So, you can comply with HIPAA to simplify the administrative obstacles and improve your cash flow, or you can comply because it's the law.

" Compliance itself is a non-competitive issue," says Laiden Bain, CIO, Duke University Health System. You win by working with health law attorneys, HIPAA trainers, health plans, business associates and vendors.”

Simplified Training Solutions’ position is that the best strategy for disaster prevention is timely and effective training.