Although it was not fully implemented until 2003, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted to insure that people between jobs would have access to quality health care coverage. Changing insurance carriers before HIPAA was difficult or impossible without facing lowered coverage or exorbitant premiums. The Act was also intended to guard private health care information and create a uniform rules for dispersing personal information.
Under HIPAA, the U.S. Department of Health and Human Services (HHS) has the authority to create standard controls for the secure management and transfer of sensitive personal health information. HHS is also empowered to implement procedures necessary to secure your personal information and protect the privacy of this health care information.
RIA's Checkpoint has now integrated the industry's leading tax compliance and planning resources from PPC PPC’s Tax Deskbooks™, renowned for the unique Key Issues Approach to step-by-step return preparation, and PPC’s Business Tax Planning Library™, which provides tax return roadmaps and practice aids to quickly identify potential tax planning opportunities from completed tax returns.
Try PPC's Tax Deskbooks™ on Checkpoint and PPC's Business Tax Planning Library™ on Checkpoint FREE for 30 days.
The final HIPAA rules state that individually identifable health information must be protected from intentional or unintentional misuse or disclosure by covered entities. Covered entities in this case include:
- All health plans
- All health information clearinghouses
- Health care providers who engage directly in HIPAA standard electronic transactions or through contractual arrangements.
Electronic transactions as referenced above include:
- computer to computer transmission of healthcare claims
- payment and remittance
- benefit information
- health plan eligibility information.
Although it might seem that HIPAA only applies to doctors and insurance companies, individuals may receive a HIPAA pamphlet and been asked to sign a form stating that you received this information when visiting your doctor or the pharmacy. The form allows you to indicate who may and may not review your personal health care information. Although just signing the form may be the norm, reading and understanding the information contained therein and its implications to you may be a better idea. You might be startled when reading about how and with whom your private health care information can be shared.
The penalties for the misuse of personal health information are severe. The HHS Office for Civil Rights is responsible for enforcing HIPAA privacy rules. Entities abusing the rules will face civil penalties up to $25,000 per year and criminal penalties from $50,000 and one year in prison to $250,000 and ten years in prison under final HIPAA rules.
More information is available on HIPAA at several web sites.
- The Office for the Advancement of Telehealth provides an outline of HIPAA privacy topics at telehealth.hrsa.gov/pubs/hipaa.htm and can also be reached at (301) 443-0447.
- Business and Legal Reports (BLR) provides a plain-English HIPAA Privacy Guide for employers including model documents and language for privacy notices, authorization forms, training, and all key policies and procedures. This guide can be downloaded for a fee at www.blr.com/product.cfm?product=30505800&source=mkd&effort=1455. The BLR HIPAA Privacy Guide For Employers is also available in printed format and can be ordered on this page.
- You can also see the final HIPAA rules on the Health and Human Services web site at aspe.hhs.gov/admnsimp/ . A quick reference fact sheet on the final HIPAA rules is available at aspe.hhs.gov/admnsimp/final/pvcfact1.htm.