The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was signed into law by President Clinton on August 21, 1996. The act was originally created to guarantee that health insurance coverage is available to workers and their families when they change or lose their jobs. The law's original scope has expanded and now requires the Secretary of Health and Human Services to standardize the data content and format for electronic transactions (administrative simplification), keep personal health care information confidential, allow physical access to records, and initiate national identifiers for providers, employers, and health plans.
Administrative Simplification - Three major components of the healthcare industry, as defined in this legislation, are treatment, payment, and operations. The Secretary of Health and Human Services (HHS) was given the authority, through HIPAA, to simplify these three functions of the health care industry through "administrative simplification" rules. These rules were designed to reduce the cost of administering both private and public health plans. The law allows standards for electronic medical-related transactions and data elements for such transactions. The end result will enable health information to be exchanged electronically, which should help reduce healthcare costs and provide better care to patients.
Code Sets - Code sets are defined as either internal or external. Internal code sets are specified by the Accredited Standards Committee X12N Implementation Guides and are transaction specific. External codes can be medical or non-medical, and are maintained by external organizations to allow for more rapid implementation of revisions.
Taxonomy - Provider taxonomy standardizes and simplifies the classification of provider types, provider specialties, and categories of service so there will be consistency from one payer to another.
Covered Entity - Administrative Simplification defines a covered entity as a health plan, a health care clearinghouse, or a health care provider who transmits any health information in electronic form in connection with a covered transaction.
Privacy - The Privacy Rule for the first time creates national standards to protect individuals' medical records and other personal health information. The rule gives the patients more control over their health information by setting boundaries on the use and release of health records and by establishing appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
Security - The purpose of the Security Rule is to adopt national standards for safeguards to protect the confidentiality, integrity, and availability of electronic protected health information and require that measures to be taken to secure this information while in the custody of entities covered by HIPAA (covered entities) as well as in transit between covered entities and from covered entities to others.
HIPAA Mandated Transactions - The law does not require providers to submit transactions electronically. It does require that all transactions submitted electronically comply with the standards. To comply with the transaction standards, health care providers and health plans may exchange the standard transactions directly, or they may contract with a clearinghouse to perform this function.