Health Insurance Portability and Accountability Act of 1996 White Paper

INTRODUCTION

This document is intended to define Pathway Review Systems continued commitment to compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The goal of HIPAA is to simplify the business administration of the healthcare system by making it more efficient, and as a result more cost effective. HIPAA provides for the standardization of electronic transactions, code sets and identifiers. It also outlines requirements regarding security and privacy of healthcare information.  

Pathway Review Systems is determined to comply with HIPAA standards. The Senior Management Team and Board of Directors of Pathway Review Systems are committed to the compliancy of all HIPAA standards.

As a result, Pathway Review Systems has established a cross-functional HIPAA Task Force to lead the organization in its compliance efforts.

HIPAA BACKGROUND

Congress enacted the Health Insurance Portability and Accountability Act of 1996 primarily to ensure the continuity of health insurance coverage for individuals changing health plans.   A significant component within HIPAA is the Administrative Simplification Subsection. It is this subsection which has the greatest impact on Pathway Review Systems. The focus of this document is to address the requirements of the Administrative Simplification Subsection.

HIPAA CONTENT

Who is covered by HIPAA:

• The HIPAA regulations define a covered entity as either a health plan, a clearinghouse or a healthcare provider 

• The information covered by HIPAA is Protected Health Information (PHI) by which an individual can be associated with specific health care
• A business associate is defined as an organization who shares PHI with a covered entity

Administrative Simplification covers the following areas:

• National standards for electronic healthcare data transactions
• Standards for code sets used in transactionsNational standard identifiers for providers, employers and health plans (A national standard for individual identifiers has been put on hold indefinitely).

• Security and privacy standards to assure the safety and confidentiality of healthcare data

HIPAA Electronic Data Interchange (EDI) transaction and code set requirements apply to all health plans, clearinghouses and to those providers who elect to submit transactions electronically. Of the covered entities, providers alone have the choice to opt out by submitting only paper transactions.  Health plans, on the other hand, must adopt the electronic standards for any covered business transaction they conduct, even if they currently perform the function in a paper environment. A health plan or a provider may employ a clearinghouse to convert transactions to and from the HIPAA formats.  

While the HIPAA mandates do not directly apply to the business associates of a covered entity, the covered entity must contractually require compliance by any business associate acting on its behalf.

Pathway Review Systems continues to progress forward on compliance with EDI transaction and code set rules.

The transactions for which these standards are mandated by HIPAA include:

• Claims and encounter data submission – ANSI 837

• Claim payment and remittance advice – ANSI 835

• Claim status inquiry and response – ANSI 276/277

• Enrollments and benefits maintenance – ANSI 834

• Eligibility Inquiry and response – ANSI 270/271

• Healthcare services review, request and response – ANSI 278

Included in each transaction are mandated code sets. These include not only the expected clinical codes but also numerous administrative codes, many of which were previously used on a proprietary basis. Only the mandated codes are permitted in HIPAA standard transactions.

The privacy regulation component of HIPAA mandates the implementation of systems and procedures governing the use and disclosure of PHI. Covered entities are obligated to protect patient’s rights by maintaining the privacy of PHI that extends to electronic, written and oral communications and records.

Proposed rules have been issued for Security and Electronic Signature and National Employer Identifier as well as for the National Provider Identifier and Claims Attachments.  

HIPAA’S EFFECT ON Pathway Review Systems

Pathway Review Systems falls under HIPAA regulations both as a business associate of covered entities and as a covered entity. As a provider of case management services for health insurance plans, Pathway Review Systems is considered a business associate of those plans and is required to comply with HIPAA.   In addition, Pathway Review Systems provides case management services to federal, state, and locally funded Long Term Care Programs.  As a claims payer for these programs, Pathway Review Systems is a covered entity under HIPAA.

Compliance with the HIPAA regulations has required a significant investment in technology solutions, process development and staff resource. While there are considerable costs associated with HIPAA implementation, there are long term gains in efficiencies within the health care system due to technological and process standardization.  

Pathway Review Systems COMMITMENT

Pathway Review Systems and its Board of Directors are committed to meeting all HIPAA standards on or before the final compliance dates.   Pathway Review Systems has met the compliance date for HIPAA privacy standards as well as the EDI Transaction Set and Code Set compliance dates.  Pathway Review Systems will strive for compliance with all future HIPAA deadlines as they are established.  

To meet the compliance commitments of HIPAA, Pathway Review Systems has established a cross-functional HIPAA compliance committee.  The committee is responsible for developing, implementing and overseeing the HIPAA compliance plan for the organization. The Pathway Review Systems HIPAA compliance plan is detailed below.  

Pathway Review Systems COMPLIANCE PLAN

HIPAA GAP ANALYSIS

Pathway Review Systems has completed its gap analysis using a comprehensive HIPAA gap analysis survey. This tool evaluated and identified potential risks in the following areas: corporate structure, business operations, insurance, internal use of health information, security, release of information, client products/services and privacy regulation compliance.  Pathway Review Systems evaluation concluded that current policies are sound and Pathway Review Systems will meet the compliance dates.

RISK ANALYSIS OF SECURITY AND PRIVACY MEASURES

Pathway Review Systems has completed a risk analysis based on the gap analysis survey findings. Pathway Review Systems has achieved its HIPAA compliancy through the revisions of policies and procedures and applying technology.

POLICIES AND PROCEDURES

The HIPAA compliance committee has developed and implemented all necessary policies and procedures. All Pathway Review Systems staff has been trained in the necessary processes that are governed by HIPAA. An annual training has been established to maintain HIPAA compliancy within all areas of the organization.

PRIVACY AND SECURITY OFFICERS

Pathway Review Systems has identified the Privacy and Security Officers required by the HIPAA privacy and security regulations. These positions will be responsible for ongoing staff training, adherence to policies and procedures and management of HIPAA documentation.

EVALUATION OF TECHNOLOGICAL INFRASTRUCTURE

Pathway Review Systems has evaluated their existing technological infrastructure.   This evaluation has defined solutions for network security and clinical software that will enable Pathway Review Systems to achieve and maintain HIPAA compliance.  Pathway Review Systems has completed implementation of the networking security infrastructure and implementation of the clinical software solution.

TRAINING PLAN

Pathway Review Systems has established a HIPAA Compliance Training Committee.   This committee has developed a comprehensive training plan to ensure that staff understand HIPAA regulations and are trained on supporting policies and procedures. Ongoing training will be conducted by the Privacy and Security Officers. The key to the success of Pathway Review Systems HIPAA compliance is a continuous, comprehensive education program.   

STATEMENT OF PRIVACY NOTIFICATION

Pathway Review Systems is a covered entity and is therefore required to have a statement of privacy notification. Privacy notification is a statement of how Pathway Review Systems will handle its clients PHI. Pathway Review Systems has successfully developed its Privacy Practice Notice and has met the HIPAA compliancy requirement.

SUMMARY

The Health Insurance Portability and Accountability Act of 1996 has had a significant procedural and financial impact on Pathway Review Systems, all health care businesses and consumers. Pathway Review Systems believes that ultimately the HIPAA regulations will improve patient information protections and will streamline healthcare business operations.

Pathway Review Systems will continue to strive to improve training programs, technology infrastructure, and policies and procedures covering privacy and security to maintain HIPAA compliance. As HIPAA regulations are revised and as Pathway Review Systems continues to achieve HIPAA compliance milestones, this document will be reviewed and updated.  

DISCLAIMER

This document is for general informational proposes only and may not serve as legal or professional advice or counsel. Any provision of services for a particular customer may occur only upon the signing of a definitive written agreement with Pathway Review Systems. Specifications will be as set forth in the agreement, which will supersede the descriptions contained in this White Paper. Pathway Review Systems reserves the right to change its plans based on business needs or changes in the HIPAA regulatory process.