Health Insurance Portability and Accountability Act [HIPAA]

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is the Health Insurance Portability and Accountability Act of 1996. Title I guarantees health insurance access, portability and renewal, eliminates some preexisting conditions clauses and prohibits discrimination based on health status.

A preexisting condition is any medical condition that has been diagnosed and treated by a medical professional within six months before the enrollment date. These preexisting conditions can be excluded from medical coverage under a new policy. Exclusion date begins at the start of the enrollment wait period, not the first date of insurance coverage. Exclusion of the condition cannot last more than 12 months (18 months for late enrollees) from the date of enrollment. The exclusion is reduced by the number of days of the individual’s prior creditable coverage (without more than a 63 day break in coverage). Creditable coverage refers to the time in which a person is covered by health insurance, including COBRA. Preexisting condition exclusion can not be applied to pregnancy as well as newborn or adopted children under 18.

Title II of HIPAA creates fraud and abuse controls, standards to ensure administrative simplification and contains the rules for protecting the confidentiality and integrity of a client’s health information.

The most familiar to Case Managers is the safeguarding of protected health information (PHI). HIPAA covers releases of PHI released, transferred, or divulged outside the agency. HIPAA compliance is required when using fax, phone and internet communications. The act covers not only formal records, but also personal notes and billing information.

The agency’s HIPAA form must be in plain, understandable language and include the agency’s privacy and confidentiality procedures. The form must include to whom the information might be released and the purpose for releasing the information. It must be signed and dated by the client and have an expiration date. Information released under HIPAA becomes protected under the confidentiality guidelines of the organization receiving the information. The agency must have a privacy officer and safeguards to protect client records. The safeguards include electronic security of files (e.g. passwords) and security of work areas and destruction of files/information.

Title II calls for administrative simplification by requiring enrollment, eligibility and claims processing to be completed electronically via electronic data interchange transactions.  It also requires unique health identifiers for individuals, healthcare providers, employers and health plans.