Health Insurance Portability and Accountability Act (HIPAA)
What Is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act enacted by the Federal Government in 1996. Some portions of the law took place immediately, providing access to health care coverage and guaranteeing patient rights under employer plans. Other regulations, pertaining to "administrative simplification", privacy and security of patient and health information have recently been finalized or are still undergoing the process of finalization.
Who Is Affected?
The new laws will affect virtually all healthcare-related organizations. The regulations will impact all health plans, health care providers, health care business associates, clearinghouses, government medical assistance programs and other local and state government organizations that handle health care information.
The State of Alaska, Department of Health (DOH), both as a provider and payer of health services must comply with the administrative simplification provisions of HIPAA. The Department is actively engaged in the processes required to assess, develop and implement compliance plans by the federally mandated compliance dates.
HIPAA Regulation and State Laws
In adopting The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Congress determined that HIPAA federal regulation takes precedence over contrary state law unless state law is more stringent than federal law or unless a specific exception applies. The State of Alaska, Office of the Attorney General, has developed a preemption analysis comparing HIPAA regulation to current state law.
What Are The Regulations?
Electronic Transactions: The first provision of the law for administrative simplification, issued in October 2000, adopts and requires the use of specific standards for electronic transactions and code sets used in the electronic transmittal of health care information.
DOH Division of Healthcare Services (DHCS), as the administrator of the state's Medicaid program, is affected by HIPAA mandates regarding electronic data transmission. These HIPAA electronic transaction mandates may also affect health care providers who use Medicaid, Medicare or other third party insurers as a source of funding for client services. Please refer to the Electronic Transactions section of this site for more information regarding DHCS and the transaction extension deadline.
Privacy: The second regulation deals with the privacy, handling, disclosure and protection of health information. The regulation protects health information that 1) identifies an individual and 2) is maintained or exchanged electronically, orally or in paper format. The regulations also specify basic rights for individuals with respect to their individually identifiable health information.
Security: The third rule addresses physical and administrative security requirements for protected health information. Finalization of this regulation was in February, 2003.
Identifiers: These rules will establish standards for unique identifiers for providers, plans, employers and individuals. The standardization of the employer identifier became effective July 30, 2002.