HIPAA is one of the most encompassing legislative changes to happen in the US in the past 20 years. It’s also one that generates a lot of misinformation, myth and sometimes even apathy. A lot of providers believe that securing patient records is the extent of the compliance requirement. Accompany us on a five-part journey into the Basics of HIPAA and see if your organization has a good understanding of this law.
Introduction
The Health Insurance Portability and Accountability Act (HIPAA) is a Federal law, enacted in 1996, that was implemented in phases.
It contains the following provisions:
A. Portability
This component was implemented in 1997 and provides available and renewable health coverage. It also removes the pre-existing conditions clause, under defined guidelines, for individuals changing employers and health plans. [The Patient Protection and Affordable Care Act (PPACA) – or the health care reform law enacted in 2010 – goes beyond the pre-existing conditions clause in HIPAA.]
For example, suppose an individual changed jobs and had a waiting period of 90 days in order to be covered under the new employer’s health insurance. Before HIPAA, if that person became ill during those 90 days, s/he may not have been eligible for insurance coverage. Or, if the individual was covered, the illness may have been considered a pre-existing condition, which would not be covered.
HIPAA made it possible for people to change employers and health coverage without any fear of uninsurability.
B. Medicare Integrity Program (Fraud & Abuse)
This HIPAA component, implemented in 1998, guarantees that the Center for Medicare and Medicaid Services (CMS) has the funding for integrity activities and to expand its anti-fraud initiatives.
South Florida, in particular, seems to have more than a fair share of people engaged in defrauding the Medicare and Medicaid programs. HIPAA has allocated funds for improved fraud detection programs and increased staff to investigate allegations of fraud. It seems not a week goes by without some news of a fraudulent provider being caught. In addition, CMS has retained the services of private recovery contract auditors who specialize in combing for inappropriate payments and recouping them for the federal and state governments.
Next time, we’ll discuss the third provision of the HIPAA law, and the one that probably affects provider organizations the most in today’s healthcare environment.