HIPAA Compliance is Mandatory and is Here to Stay!
51 Oakwood, Inc. is HIPAA compliant and we have a team of specialists that will help ensure that your practice is also HIPAA compliant.
Mandatory compliance with HIPAA Privacy legislation went into effect on April 14, 2003. At this point, your practice should, among other things:
- Be providing a privacy notice to patients identifying how you will use or disclose Protected Health Information (PHI)
- Have established privacy policies and procedures
- Have identified a privacy officer
To fully understand HIPAA Privacy, it is important to understand some key definitions:
- Health Information: Any information, whether oral or recorded in any form of medium that is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse. Health information relates to the past, present or future physical or mental health or condition of an individual, or the past, present, or future payment for the provision of health care to an individual.
- Protected Health Information (PHI): Health information becomes PHI when it is matched with another piece of information that identifies the individual or form which the individual could reasonably be identified (for example: name, Social Security Number, address, date of birth, certificate number). PHI is individually identifiable information that is transmitted or maintained electronically, on paper, orally or in any form or medium.
- Treatement, Payment and Health Care Operation (TPO): These activities are described in the Privacy Rule, as well as in the Rules preamble.
- Minimum Necessary Methodology: As it applies to Privacy; using, disclosing and requesting (collecting) only the minimum amount of PHI necessary to perform a function. Minimum necessary standards regarding PHI do not apply when the disclosure is being made to or requested by a health care provider in the treatment of a patient.
TRANSACTION CODE SETS COMPLIANCE
The compliance date for electronic transaction and code sets was October 16, 2003. As a reminder, the following code sets are those mandated for electronic transmission by HIPAA for consistency across the health care industry:
- CPT-4 Codes (Current Procedural Terminology)
- ICD-9 CM diagnosis codes (International Classification of Diseases 9th Edit., Clinical Modification)
- ICD-9 CM procedure codes (Inpatient claims only)
- HCPCS (Health Care Financing Administration Common Procedure Coding System)
- CDT (Dental Procedures and Nomenclatures)
- NDC (National Drug Codes), Retail Pharmacy Only. NDC codes are not required for drugs and biologicals not billed by retail pharmacy.
- Claim Status Codes and Claim Adjustment Reason Codes
- Provider Taxonomy Codes (Indicates provider specialty)
With the implementation of these standard codes on October 16, 2003, proprietary administrative codes or home-grown codes will no longer be allowed in HIPAA standard transactions.