Regulatory Affairs

Helpful HIPAA Links

• Department of Health and Human Services (DHHS)
• DHHS, Office of Civil Rights (OCR)
• 的发病率,中心的医生are & Medicaid Services (CMS)
• DHHS: Health Information Privacy
• Designated Standard Maintenance Organization (DSMO)
• Workgroup for Electronic Data Interchange (WEDI)

HIPAAOverview

The Health Insurance Portability and Accountability Act (HIPAA) was created to satisfy three objectives:

1. To provide for continued coverage of benefits between employment gaps (Portability),
2. To reduce healthcare fraud (Accountability), and
3. To reduce the cost of the administration of the healthcare industry (Administrative Simplification).

Administrative Simplification began as President George Bush, Sr. assembled a group of healthcare industry leaders to discuss the reduction of healthcare administration costs; increased electronic data interchange (EDI) was the overwhelming answer. Faced with resistance in Congress, the Act only passed with extensive industry support.

卫生部和人类服务部（DHHS）根据行政简化规则的目的界定：bob软件苹果怎么下载

1. To protect and enhance the rights of consumers by providing them access to their health information and controlling the inappropriate use of that information;
2. To improve the quality of healthcare in the U.S. by restoring trust in the healthcare system among consumers, healthcare professionals, and the multitude of organizations and individuals committed to the delivery of care; and
3. Improve the efficiency and effectiveness of healthcare delivery by creating a national framework for health privacy protection that builds on efforts by states, health systems, and individual organizations and individuals.

[65 Fed. Reg. 82463 (December 28, 2000)]

Three Major Elements of Administrative Simplification

The Standards for Electronic Transactions and Code Sets

The cost of administration in the healthcare industry is very high. Providers, insurers, health plans, and others have utilized many different electronic data formats and transmission requirements. This complex web of data interchange has resulted in delays, confusing rejections, bureaucratic authorization processes, and low levels of remittance. The creation of national conformance standards covering the most routine electronic transmissions has the potential of reducing the resources – financial, time, and human – necessary to do business in the healthcare industry, as well as enhance the effectiveness of the intended transactions. The Standards for Electronic Transactions regulation has established mandatory transaction and coding requirements for defined electronic transactions. Providers are able to submit standard transactions to health plans and payers that have to accept them. Hence, electronic data interchange enables healthcare facilities to pursue the most effective and efficient use of modern information technology in the administration of their organizations.

Congress also recognized the power of modern information technology. Continually advancing technology enables the collection and aggregation of large quantities of data in any desired format or structure; subjects these data to endless permutations of sorting, filtering, and analysis; and the instantaneously widely distributes the raw data or analysis results – all without significant human thought. Hence, the need to protect the privacy and security of patient health information is unquestionable.

安全和电子签名标准（“安全性”）和可单独可识别的健康信息标准的隐私（“隐私”）包括一支旨在保护患者健康信息的法规。隐私定义了适用的患者信息的允许访问，使用和披露的允许手段，而安全性管理保护此信息所需的操作，物理和技术机制。

Standards for Privacy of Individually Identifiable Health Information

The Privacy rule is intended to prevent the unreasonable offense against patient’s interest in restricting unnecessary knowledge or dissemination of personal information provided or accumulated to assist in their diagnosis or treatment. The specific requirements restrict access, use, or disclosure of personal patient information to those legitimately involved in the patient’s treatment, the healthcare facility’s required operations, and billing for the treatment.

Security and Electronic Signature Standards

The Security rule is intended to ensure that organizations that hold personal patient information provide operational, physical, and technical protections to support privacy restrictions. That is, the organization must create a comprehensive system of operational, physical, and technical protections to prevent unintended access, use, and disclosure of protected information. Security refers to protections at three levels:

• Confidentiality – Protection of entrusted information from unauthorized use, access, or disclosure;

• Integrity – Preservation of the specific nature, character, and content of the information; and

• 可用性 - 能够访问，使用或披露有效和有效的时间，地点和方式的信息。