HIPAA is the federal Health Insurance Portability and Accountability Act of 1996, passed with bipartisan and widespread support of the health care industry. Its primary purpose is ensuring the portability and continuity of health insurance, particularly when individuals change jobs. A lesser-known aspect of the law is the Administrative Simplification provision.
HIPAA Administrative Simplification is implemented through federal regulations issued by the Department of Health and Human Services (DHHS). Its purpose is to reduce the costs of the administration of health care by encouraging increased automation of billing and other transactions. Such automation is facilitated and made more affordable through standardization.
- At the core are standards for the content and format of electronic transactions used in billing, payment and other health care administrative functions. These standards use Electronic Data Interchange (EDI) technology which has become widely used in banking and other industries.
- Other standards enable the core transaction standards.
- Because automated information can be more accessible and more easily abused, new regulations will govern the privacy and security of patient information.
- Another set of regulations will provide nationwide, standard identifiers for providers, health plans and employers.
- A final regulation will cover enforcement of the rules.
All standards are based on existing, national, industry standards whenever possible.
The Administrative Simplification provisions of HIPAA apply to three kinds of "covered entities" specified in the law.
- Health plans are generally defined as any individual or group plan that provides or pays for medical care. Not all public programs which provide or pay for health care are covered. Covered health plans must be able to process any standard electronic transactions they receive.
- Any health care provider that transmits health information in electronic form in connection with one of the transactions used in providing or paying for health care. Providers may continue to conduct transactions manually, but any covered transactions they do electronically must meet the standards (unless they are using a clearinghouse).
- Healthcare clearinghouses, which translate electronic transactions between standard and non-standard forms.
Whether an entity is "covered" under HIPAA applies to the privacy as well as the transactions rule (only these two rules are final as of the writing of this summary). Business associates of covered entities are also impacted by HIPAA when they perform covered transactions on behalf of a covered entity, or when they receive protected patient health information from the same.