Health Insurance Portability and Accountability Act (HIPAA) Of 1996, Essay Example

Introduction

The HIPAA was enacted in 1996 by the U.S. Congress. It contains two sections, Title I and II. Title I functions at protecting the health insurance of all workers in the U.S. and their families when they lose or change their jobs. Under this section, HIPAA regulates and controls the availability of group health plans and health insurance policies. In its functioning, it necessitated the amendment of ERISA (Employee Retirement Income Security Act) of 1974, PHSA (Public Health Service Act) and the Internal Revenue Code.  ERISA is an American statute that deals with establishment of standards for pension plans in industries. It also has extensive rules on federal income tax with effects of transactions pertaining to employee benefit plans. Title II on the other hand seeks to establish the national standards in electronic care transactions and identifiers for the national providers, the employers and the health insurance plans. The Title II is also referred to as the Administrative Simplification (AS). This section deals with the privacy and security of Health Data. The rules and standards contained in the section are intended at improving the efficiency and effectiveness of the health care system in the U.S. This objective is achieved by advocacy to the use of Electronic Data Interchange (EDI) in the nation’s health care system. Electronic Data Interchange entails the structured electronic transmission of data between many different organizations in the nation. For instance electronic documents are transferred between two or more computer systems or trading partners.

Processes Undertaken in writing standards and rules

According to (Rebecca, 2007), Health Insurance Portability and Accountability Act are rules and standards that are meant to improve the health, well-being and the safety of all American citizens. These rules and standards were created under the U.S. Department of Health Human Services. The process began by Identification of the objectives of the act. These objectives include: improvement of the portability and continuity of the coverage for health insurance in individual and group markets, combating waste, fraud and abuse in the health care delivery and health insurance, to create easy access to long-term care services, to simplify health insurance administration, promoting use of medical savings accounts and many others. Some definitions of critical terminologies used in act were also made. For instance, a health plan, code set, a group health plan and many others.

The objectives were made possible through the amendment of the Internal Revenue Code of 1986. In Section I of the act, there was a table of content which had a short title that was meant to give the act a name as the “Health Insurance Portability and Accountability Act of 1996”. It was then was followed by the real table of content with the two major sections of the act, title I and title II. Title I gives a stipulation describing the Health Care Access, Portability and Renewability while Title II gives all the rules that are required to combat health care fraud and abuse. It also contains the Administrative Simplification (AS) and Medical Liability Reform. It defines several offenses pertaining to health care and their criminal penalties.

This section stipulates several programs that are meant to control fraud and abuse in the health care system. It makes provisions of how the Health and Human Services (HHS) department drafts rules to increase the efficiency in Health care system. The rules only apply to the covered entities as shown by Carol and Dan (2008). These covered entities include: health plans, health care providers and health cares, and health care clearing houses. Under title II, the Health and Human Services Department created five major rules in the Administrative Simplification. They include the Privacy Rule, the Unique Identifiers Rule, the Enforcement Rule, the Security Rule, and the Transactions and Code Sets Rule.

The Privacy Rule is a Federal Law that provides stipulations that controls the manner in which the information in possession of the covered entities is used and disclosed. Otherwise, it is a rule that governs the use and disclosure of PHI (Protected Health Information). PHI is any information in possession of the covered entities describing health status, an individual’s payment for health care services, and the actual provision of the healthcare services. The PHI also includes an individual’s payment and medical record. The Privacy Rule shows with clear definitions and specifications of who should view and receive an individuals medical or health information and who should not, what specific health information is protected and how, and the specific rights that everyone has on his/her health information.

The Unique Identifiers Rule provides that all covered entities must only use NPI (National Provider Identifier) in identification of covered health care providers. This is actually most applicable when using electronic communications.

The Security Rule is similar to Privacy Rule but only differs in the sense that it specifically applies to EPHI (Electronic Protected Health Information). The rule uses three types of security safeguards to set various security standards under which it defines the required implementation specifications. These safeguards include physical, administrative and technical safeguards.

The Enforcement Rule attaches money penalties on violation of the HIPAA rules. It shows clear procedures for staging investigations and hearings on the HIPAA violations.

The processes undertaken in the implementation of rules

After the creation of the act and now in the process of enactment of HIPAA, the medical centers and medical practices were forced to ensure that they are into compliance with these new rules and regulations in the medical sector. Brettney (2005) says that it was clear to them that failure to observe the measures set in the privacy and security acts would mean severe penalties as stipulated by the act. This would therefore mean that the institutions would make less, negative or even no profits at all since the penalties centers more on money charges as prescribed under the enforcement rule. The medical centers and the practitioners had to enter into consultancy with the HIPAA consultants to seek familiarity at least with every aspect of the document on the legislation. The consultants were very committed to ensuring that the medical centers and the practitioners were fully in compliance with the act. This whole process went into a great financial cost on the part of the medical centers and the physicians. This is because there was too much of the staff time and the paper work spent in the process of meeting the legal requirements of Health Insurance Portability Act.

However, it was realized as pointed out by (Carol and Dan, 2008) that the complexity of the HIPAA coupled with the stiff penalties on violation of the legislature created a great confusion on the part of many medical physicians and centers. Most of them did not understand their rights according to the extent and limitations in disclosing the health information to anyone. Therefore for fear of penalties, both of these two parties ended up withholding important health information from those who had a right to it. This led the U.S. Government Accountability Office (GAO) to review the implementation of the HIPAA Privacy Rule. This review made it clear that the centers and the physicians were not sure of their legal privacy responsibilities; therefore making them take an overly protective guard against disclosing any information for fear that it might otherwise lead them to penalties.

Processes undertaken in Enforcement of the standards and rules

In its enforcement and operation, HIPAA works with insurance regulators and three agencies in the US. These include HHS (Health and Human Services), Labor and Treasury departments. The insurance regulators function at regulating the authority over the carriers. Carriers include the managed care organizations and the traditional insurers in the states with more comprehensive health insurance standards or that enforce the federal ones. According to (Rebecca, 2007), if it was found that a state does not enforce standards for carriers that are in line with the federal law, the Health and Human Services department works in conjunction with the Health Care Financing Administration (HCFA) to ensure that the federal standards are enforced. The HIPAA granted the labor’s control responsibilities for the health coverage sponsored by the employers and empowered Treasury with authority to tax group health plans that are not complying with the HIPAA standards.

Steps were also taken to examine the federal regulations pertaining to HIPAA’s non-discriminating provisions meant for restricting health plans from denying any one the right to anything on the basis of health status. The HFCA was charged with many responsibilities that are all geared towards enforcing the federal law on HIPAA. These responsibilities include reviewing the policy forms and practices for the carriers, responding to complaints and inquiries from consumers, and imposing the civil penalties on carriers who do not comply with the standards. This penalty is set at up to $ 100per day on every single violation by a carrier to comply.

There was also the creation of the Paperwork Reduction Act which was meant to set standards on how most of the federal agencies would collect, maintain and use the collected information. It was also meant to set goals for reducing paperwork in the nation (Amstrong, Kline-Rogers and Goldman, 2005). This came after it was realized of how cumbersome the whole process of collecting information from patients had become since the implementation and enforcement of the HIPAA standards. As much as the information is important, the lengthy processes involved made the whole process less user-friendly to patients who had to read and sign the complex documents. The act requires national agencies to evaluate the importance of information and identify any burdens that respondents receive for responding to agency requests.

Conclusion

The HIPAA was an act that had the great functionality of providing minimum standards that are aimed at improving the access, the portability and the renewability of health insurance coverage in individual insurance markets and employer-sponsored groups. The act is characterized by a lot of positives in the health care system though it was also received with a lot of criticisms.

References

Amstrong D., Kline-Rogers E., Goldman E. (2005). “Potential impact of the HIPAA privacy rule in registry of patients”. Chicago: Chicago University Press

Brettney J. (2005). HIPAA Privacy Training for Home Care. New York: McMillan

Carol K., Dan K. (2008). HIPAA for Health Care Professionals. New York: Longhorn Publishers

Rebecca H. (2007). Practical Guide to HIPAA and Security Compliance. London: Falmer