WHAT IS HIPAA AND HOW DOES IT AFFECT PAs?
Patrick Ivory, MPAS, PA-C

HIPAA is the Health Insurance Portability and Accountability Act of 1996. This law was passed as a way of protecting workers from losing their health insurance coverage when they change jobs or have a significant event occur in their lives. It is not the same as the Cobra requirements of the early 1990’s. HIPAA is a comprehensive law that addresses the transmission of data about a patient to health care insurers, clearing houses and other health care professionals. It includes protections from fraud, abuse, privacy and establishes portability for health insurance. The effective date of implementation is April 14, 2003. Most administrative departments of health care providers, insurance companies and other “covered entities” have been provided information over the past several years to allow for a smoother transition to the HIPAA requirements.

Part of the impetus to create this law was the excessive number of forms required to obtain benefits and they all were different. At one point, it was estimated that there were over 400 different forms in use. The increased prevalence and sophistication of electronic technology allowed the development of methods for standardizing the forms that all carriers were able to use.

Another major component of HIPAA was the security requirements associated with the electronic transfer of information, as well as, releasing protected health information (PHI) about a patient. The privacy rule associated with HIPAA prohibits health care providers from disclosing PHI except what is needed for treatment of coverage of a procedure. The law requires that patient confidentiality be maintained. While HHS has no intention of prosecuting providers for inadvertent release of information, certain safeguards must be put into place to prevent these disclosures. Reasonable steps are simple things like closing the exam room door while discussing the case with the patient, or taking a consultant into a rooms and closing the door before discussing the case. Parental access was another area that HIPAA unintentionally limited, however, state law is given priority to determine the degree of access that a parent has access to a child’s record. The original date for implementation of HIPAA was back in 2002, however, when the privacy component of the regulations came out, they were far too difficult to understand and to implement. There were over 100,000 comments submitted to HHS, so they took it back and modified the rules. These can be seen by going to the CMS website (www.cms.hhs.gov) and following the links to the information about HIPAA. The privacy component of HIPAA can be downloaded by following these links. The PDF document is approximately 160 pages in length.

The portability component of the law means that once an individual has health coverage, this coverage may be used to reduce or eliminate any preexisting condition exclusion that might be applied to an individual who moves to another employer’s group health plan. Essentially, the individual receives credit for maintaining health coverage, even though it may be under different health plans or policies. It doesn’t mean they carry their current plan or policy with them when they go to another job however. This also applies if you are covered as a dependent of the person who changes jobs. It also helps an individual who loses group health coverage and you wish to purchase individual coverage. Also, it covers you if you have individual health coverage or any other type of creditable coverage and you enroll in a new group health plan. There are two things that the law doesn’t guarantee, that your premiums or benefits will stay exactly the same when you move or that your employer or union has to provide you coverage if they don’t provide it for other employees.

This short article only touches the surface of HIPAA. There is a lot more to this, and while most areas are not within the purview of a PA, it is essential that a PA have a working understanding of the privacy rules implemented with this law. The following is a list of resources that the AAPA put out in the AAPA News of 9/15/02.

1. CMS website:  www.cms.hhs.gov
2. Free Video: CMS Meeting the HIPAA Challenge: Implementing the Administrative Simplifications of HIPAA. You can request a copy from CMS by writing to askhipaaWcms.hhs.gov or calling 410-786-4232
3. CMS HIPAA Hotline 410-786-4232
4. Privacy related information: www.hhs.gov/ocr/newsroom/index.html