Digitech, A Leader in EMS Software and Billing Services


WHAT IS HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act signed into law in 1996.

Congress recognized the need for national patient record privacy standards in 1996 when they enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The law includes provisions designed to save money for health care businesses by encouraging electronic transactions, but it also requires new safeguards to protect the security and confidentiality of that information.

HIPAA consists of three rules designed to set national standards:

Transaction and Code Set Rule:
Transmission of electronic health care transactions

Privacy Rule:
Protection of individuals' medical records and other personal health information

Security Rule:
Physical, administrative and technical safeguards to protect the privacy of health information


Who must comply with the new HIPAA standards?
"Covered entities" that must comply with the new HIPAA rules are Health Plans, Health Care Clearinghouses, and Health Care Providers who conduct certain financial and administrative transactions electronically.


When must covered entities be in compliance with HIPAA?

  • Transaction and Code Set Rule (Standards for Electronic Transactions): Deadline October 16, 2002 (unless a one-year extension was filed by the covered entity)
  • Privacy Rule: April 14, 2003


What are certain "covered entities" required to do to comply with HIPAA?

  • Patient education on privacy protections. Providers and health plans will be required to give patients a clear written explanation of how the covered entity may use and disclose their health information.
  • Ensuring patient access to their medical records. Patients will be able to see and get copies of their records, and request amendments. In addition, a history of non-routine disclosures must be made accessible to patients.
  • Receiving patient consent before information is released. Health care providers who see patients will be required to obtain patient consent before sharing their information for treatment, payment, and health care operations. In addition, separate patient authorization must be obtained for non-routine disclosures and most non-health care purposes. Patients will have the right to request restrictions on the uses and disclosures of their information.
  • Providing recourse if privacy protections are violated. People will have the right to file a formal complaint with a covered provider or health plan, or with HHS, about violations of the provisions of this rule or the policies and procedures of the covered entity.

Boundaries on Medical Record Use and Release
With few exceptions, such as appropriate law enforcement needs, an individual's health information may only be used for health purposes.
  • Ensuring that health information is not used for non-health purposes. Health information covered by the rule generally may not be used for purposes not related to health care - such as disclosures to employers to make personnel decisions, or to financial institutions - without explicit authorization from the individual.
  • Providing the minimum amount of information necessary. In general, disclosures of information will be limited to the minimum necessary for the purpose of the disclosure. However, this provision does not apply to the disclosure of medical records for treatment purposes because physicians, specialists, and other providers need access to the full record to provide quality care.


Ensure the Security of Protected Health Information
The final rule establishes the privacy safeguard standards that covered entities must meet, but it gives covered entities the flexibility to design their own policies and procedures to meet those standards. The requirements are flexible and scalable to account for the nature of each entity's business, and its size and resources. Covered entities generally will have to:

  • Adopt written privacy procedures. These include who has access to protected information, how it will be used within the entity, and when the information may be disclosed. Covered entities will also need to take steps to ensure that their business associates protect the privacy of health information.
  • Train employees and designate a privacy officer. Covered entities will need to train their employees in their privacy procedures, and must designate an individual to be responsible for ensuring the procedures are followed.


How does HIPAA apply to Digitech's Billing Services?
Digitech's Billing Service is considered a "covered entity" under the HIPAA rule due to the fact that we transmit electronic claims on our clients' behalf. We must adhere to requirements of the HIPAA rule to safeguard our clients' patient health information and transmit electronic claims using the X.12 format.


What is Digitech doing to assist ambulance providers in their move towards HIPAA compliancy?
Digitech has consulted Page, Wolfberg & Wirth, LLC, a leading EMS law firm, on the new privacy and security rule and the steps ambulance providers need to take to safeguard patients' Protected Health Information (PHI). We have taken the following measures to assist our clients in their move towards HIPAA compliancy. Our software provides the following set of features to facilitate the management, uses and disclosures of PHI:

  • Security controls to limit access to users who have a need.
  • Audit trail and Reports on unauthorized non-TPO (Treatment, Payment and Operation) uses and disclosures of PHI - such as in response to a subpoena.
  • Tracking of Notice of Privacy Practices (NPP), version notice, date and signature authorization and acknowledgement of receipt.
  • Capability to print client's NPP.
  • Flash dispatch notes when NPP and signature (if necessary) are required for new patients.
  • Tracking of Patient's Access Requests to PHI, due date of request, denial reason (for instance, in anticipation of a lawsuit), reports on outstanding requests, reports on reasons for denial, and reports on resolution of denials.
  • Tracking of Patient's request to Amend PHI, due date of request, reason for denial, reports on outstanding requests and reports on resolution of denials.
  • An accounting - audit trail and reports - of all unauthorized, non-TPO disclosures of PHI in the 6 year period prior to the request (except prior to April 14, 2003).
  • An accounting of uses and disclosures of PHI in response to a subpoena or for law enforcement purposes.
  • Imaging capability to scan and store request forms, ACRs and other documentation.

As a billing service, we are considered a "covered entity" under the new federal privacy law. We have taken the following measures to meet HIPAA requirements:

  • Institute policies and procedures to safeguard PHI and train our employees on HIPAA regulations so they understand the privacy procedures.
  • Secure patient records through physical and technical means so they are not readily available to those who do not need them.
  • Provide value-added services such as mailing and tracking NPPs for emergency transports if requested by the client.
  • Provide imaging capability to store documentation and request forms if requested by the client.
  • Provide features in our call taking and dispatching software to facilitate the management, uses and disclosures of PHI (see features above).


For more information on HIPAA visit:

Centers for Medicare & Medicaid Services:
http://www.cms.hhs.gov/hipaa

HIPAA Administrative Simplification:
http://www.cms.hhs.gov/hipaa/hipaa2/default.asp

HIPAA Standards & Rules:
http://aspe.os.dhhs.gov/admnsimp


Other HIPAA Resources and Education:

Page, Wolfberg & Wirth, LLC:
http://www.pwwemslaw.com

 

 
 