Feedback | Job Opportunities | MT Reference | Site Map  
  HOME ABOUT US PRODUCTS AND SERVICES SUPPORT EVENTS CONTACT US
 
  HIPAA
HIPAA Compliance Statement
Current HIPAA Requirements
FutureNet System Security
  Current HIPAA Requirements  
 

The Health Insurance Portability and Accountability Act (HIPAA), signed into law in August of 1996, requires the Department of Health and Human Services (DHHS) to adopt national uniform standards for the electronic transmission of certain health information.  In August of 1998, the DHHS published its recommendations on security and electronic signature standards.  The proposed security standards are broad ranging, and cover both organizational and technical practices.  DHHS divides proposed security requirements into the following four groups:

  • Administrative proceduresdocumented general practices for establishing and enforcing security policies
  • Physical safeguardsdocumented processes for protecting physical computer systems, buildings, and so on
  • Technical security services - processes that protect, control, and monitor access
  • Technical security mechanisms - mechanisms for protecting information and restricting access to data transmitted over a network

On August 17 and December 28, 2000, both "Standards for Electronic Transactions" and "Standards for Privacy of Individually Identifiable Health Information" were finalized and published, respectively.  Based on these standards and other related HIPAA documents, more detailed requirements were summarized by the Association for Electronic Health Care Transactions:

Transaction Standards
(As indicated in NPRM)
  • Claims/Encounters - Physician/Supplier, Institutional, Dental:  X12 837
  • Retail Pharmacy Claims:  NCPDP v. 3.2
  • Claim Attachments:  (Extra year for DHHS to adopt standard)
  • Enrollment, Disenrollment:  X12 834
  • Eligibility:  X12 270/271
  • Payment/Remittance Advice:  X12 835
  • Premium Payments:  X12 811/820
  • First Report of Injury for Worker's Compensation:  X12 148 (?)
  • Claim Status:  X12 276/277
  • Referral Certification/Authorizations:  X12 278
  • Coordination of Benefits:  X12 837

NOTE:   All of these transaction standards must be accompanied by complete and unambiguous
documentation, which includes:  an implementation guide, a data dictionary, and data conditions

Code Set Standards
(As indicated in NPRM)

  • Diseases, injuries, impairments, etc.:  ICD-9-CM
  • Procedures:  ICD-9-CM, CPT, CDT, HCPCS
  • Drugs - Most administrative transactions:  HCPCS
  • Pharmacy transactions:  NDC
  • Devices:  HCPCS

Standards for Unique Health Identifiers
(DHHS Indications Thus Far)

  • Provider Identifier:  National Provider ID (NPI)
  • Health Plan Identifier:  PAYERID
  • Employer Identifier:  EIN
  • Individual Identifier:  (Still under consideration)

Security Standards
(DHHS Indications Thus Far)

  • Baseline Security Framework
  • Required Security Evaluation
  • Security Mechanisms:
  • Identification
  • Authentication
  • Authorization
  • Access Controls
  • Audit Trails/Accountability
  • Encryption
  • Digital Signatures
  • Physical Security
  • Disaster Recovery
  • Protection of Remote Access Points
  • Protection of Electronic Communications
  • Software Discipline
  • System Assessment for Vulnerabilities
  • Integrity of Data

Privacy Protections

  • DHHS Privacy Recommendations/Principles:
  • Boundaries - Limiting purposes for disclosure
  • Security - Protections against deliberate or inadvertent misuse or disclosure
  • Consumer Control - Patients able to see what is in records, get a copy, correct errors, and find out who else has seen them
  • Accountability - Punishment for violators, legal recourse for those harmed
  • Public Responsibility - Claims to privacy balanced with use of information for important, socially useful purposes
Copyright 2003 FutureNet Technologies Corporation
All rights reserved
All FutureNet products are HIPAA compliant