The Health Insurance Portability and Accountability Act (HIPAA)
is a far-reaching federal law that includes several key components
to protect health insurance coverage for individuals when they lose
or change jobs, as well as simplify the administrative burden across
the healthcare delivery system. The Administrative Simplification
(AS) provision of HIPAA is in the process of being implemented and
is receiving much attention from providers, health plans, insurers
and information clearinghouses. It is specifically designed
to reduce the barriers associated with the electronic transfer of
health information between organizations and, more generally, to
increase the efficiency and cost effectiveness of the US healthcare
system. In addition, standards for the security and privacy
of Protected Health Information (PHI) are included and are being
implemented by all those engaged in healthcare delivery and service.
This section has been developed to share additional information
on the HIPAA requirements and provide a summary of MediGuide’s efforts
to comply with all the HIPAA standards.
There are four primary components of HIPAA's Administrative Simplification
requirements:
Transaction and Code Set Standards
In order to simplify the exchange of electronic information within
the healthcare system, standards have been developed for many of
the most common types of transactions including claims payment/status,
eligibility and benefit verification, enrollment, authorization/referrals
and premium payments. There are currently several hundred
different types of these transactions that are exchanged and the
intent of the law is to standardize one format for these critical
transaction types for use in electronic information exchanges.
In addition, standard code sets have been developed to simplify
the diagnostic and treatment reporting processes so that a common
definition is used across the healthcare system. Reducing
the number of formats and code sets utilized is anticipated to reduce
the inefficiencies inherent in electronic data interfaces as well
as the administrative costs associated with processing the majority
of common transactions.
Privacy Standards
Privacy is defined as controlling who is authorized to access information
and the right of individuals to keep information about themselves
from being disclosed without their consent. The HIPAA regulations
address five basic principles of privacy protections:
- Boundaries – use of protected health information for intended
purposes (treatment, payment and healthcare operations) only
- Security – administrative, technical and physical mechanisms
to keep information private
- Consumer Control – informed consent of individuals to use
their information and the right to access and amend information
- Accountability – penalties for violations of the Privacy Regulations
- Public Responsibility – process for disclosing information
for public health, research and legal purposes
Security Standards
Security is defined as the ability to control access and protect
information from accidental or intentional disclosure to unauthorized
persons and from alteration, destruction or loss. The HIPAA
requirements include three categories of security requirements:
- Administrative Procedures – operating policies and procedures
to ensure the security of protected health information
- Technical Standards – information system mechanisms to ensure
the security of protected health information maintained in electronic
form
- Physical Safeguards – facility controls to ensure the protection
of information from unintended access, disclosure or loss
Unique Identifiers
A key goal of the HIPAA regulations is to assign one unique identifier
to each of the following groups:
- Employers
- Health plans
- Providers
Currently, each of these groups may have different identification
numbers within the respective systems of the other or even have
multiple identifiers. For example, an individual provider
may have a different provider number with each health plan that
they are contracted with. HIPAA intends to simplify this so
that a unique identifier for this provider would be the same no
matter who the contracted health plan is.
MediGuide Compliance
MediGuide is a party to a series of transactions between individuals
and institutions occurring in the process of delivering Second Opinion
services. MediGuide adheres to HIPAA requirements and maintains
appropriate legal and business procedures in communications with
its clients, vendors, and partners.
For more information, contact hipaa@mediguide.com