The Health Insurance Portability and Accountability Act – HIPAA

HIPAA was passed in 1996 with the goal of providing needed reforms in health care. The act had three primary objectives, the first being to make sure people could keep their health insurance when they were between jobs. Up through the 1980s manufacturing jobs had been one of the pillars of the American economy. It was common for blue collar workers to be employed with the same company over their lifetime as they moved up the ranks and eventually retired.

As globalization was going into full swing in the 1990s, the US economy began to change with the result that the labor market was becoming much more fluid. It was increasingly common for a person to have several employers over his or her lifetime, and Title I of HIPAA was in response to this trend, ensuring that healthcare coverage remained in place during periods of unemployment.

What would have a much greater effect on the medical billing and coding industry is Title II of HIPAA, which was aimed at accomplishing the act’s second and third primary objectives: simplifying and standardizing the nation’s healthcare system as well as adding greater security protection to private healthcare information.

This follows the logical conclusion that to fulfill the Title I objective of making health insurance more portable, the industry would need to be standardized so insurance companies could speak the same language. And foreseeing private healthcare information changing hands between providers, billing and coding professionals, and insurance companies – including the federal agency responsible for the Medicare and Medicaid programs, CMS – HIPAA also set in place the framework to protect this confidential patient information.

In the medical billing and coding field, professionals will most likely be familiar with HIPAA through their efforts to avoid HIPAA violations. Because confidential patient information is an important part of medical billing and coding, avoiding a HIPAA violation is constantly in the back of the mind of every professional in this field. These violations relate to specific portions of the HIPAA legislation contained within Title II of the act.

As a piece of legislation with broad implications that mandated sweeping reforms, implementing HIPAA was not done overnight. Private, public, and government agencies involved in the healthcare sector worked together for years to develop implementation guidelines to meet the demands required by the new HIPAA law. These new rules came into effect at different times and affected different actors in the healthcare system. The following rules are the ones which medical billing and coding professionals should be most aware of.

Privacy Rule – This came into effect in 2003 and gives patients more rights about who can have access to their protected health information, such as medical records. Billing and coding professionals are entitled to this information without a patient’s written consent as long as this access is to further healthcare operations or payments. Billing and coding professionals must also take care not to disclose this information to inappropriate parties.

Security Rule – Also from 2003, this established the security practices that anyone handling protected health information must follow. For medical billing and coding professionals, this means electronic devices must be password-protected and stored in a secure, locked facility.

Health Information Technology for Economic and Clinical Health (HITECH) Act – Passed in 2009 as part of the American Recovery and Reinvestment Act, this legislation had a significant impact on HIPAA as it encouraged the digitization of healthcare information. In other words, to make the healthcare system more efficient, the HITECH Act encourages the system to use computers and recent advances in technology. This continues to result in a greater amount of confidential healthcare information being available electronically. Also importantly, the HITECH Act requires any organization covered by HIPAA to report electronic data breaches to both the government and the affected persons.

Final Omnibus Rule – This was enacted in 2013 as part of HIPAA to clarify confidentiality regulations in response to the growing amount of sensitive information being available electronically. This was effectively when the data breach rules contained in the HITECH Act were implemented as part of HIPAA.