HIPAA - Health Insurance Portability and Accountability Act of 1996

What's New:
Contingency Plan Ending for non-HIPAA-compliant Electronic Remittance
HHS & DOL Finalize Portability and Group Health Plan Requirements

Overview:
What is HIPAA?
Who does HIPAA affect?
What will HIPAA change?
Administrative simplification
Highmark's progress

Titles:
List of titles
Fraud and abuse
Insurance reform
HIPAA companion legislation
Other HIPAA regulations

HIPAA FAQs and Myths:
Frequently asked questions -- general
Frequently asked questions -- privacy
HIPAA Myths

Administration Simplification:
Administrative simplification
Insurance reform provisions
Certificates of creditable coverage
Contingency Plans

Forms:
Authorization for Disclosure

For Trading Partners:
HIPAA production ready listing Testing Information
EDI sign-up and trading partner information

Other Resources:
HIPAA information on the web Contact us

Spacer

Spacer

HHS & DOL Finalize Portability and Group Health Plan Requirements

Final Rule for Health Coverage Portability (Title I) & Group Health Plan Requirements (Title IV)

In December 2004, the Department of Health and Human Services (HHS) and the Department of Labor (DOL) announced a final rule that completes portions of the April 8, 1997 interim final regulation to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) through implementing greater portability and availability of group health coverage when workers and family members change or lose a job.

According to HHS and DOL, the final regulation, which becomes effective for plan years starting on or after July 1, 2005, does not significantly modify the framework of the 1997 interim final regulation, it does, however, contain features that are intended to bolster HIPAA's consumer protections while minimizing the burdens imposed on group health plans and group health insurance issuers.

In its press release, the HHS states the following about the final regulation:

  • "Requires group health plans and group health insurance issuers to include, concurrently with the certificate of creditable coverage provided to individuals when they lose coverage under the plan, an educational statement on their HIPAA rights.
  • Includes model language that group health plans and group health insurance issuers can use for the new educational statement.
  • Recognizes health plans maintained by foreign governments, and by the U.S. government (such as Veterans Administration coverage) as creditable coverage that can be used to reduce the length of or eliminate a preexisting condition exclusion.
  • Offers sample language that plans and issuers can use to satisfy their obligations to provide participants notices of preexisting condition exclusions.
  • Clarifies that certain plan benefit restrictions are in fact preexisting condition exclusions that must comply with HIPAA's limitations on such exclusions."

The final regulation was published in the December 30, 2004 Federal Register.

The complete HHS press release is available at :
http://www.hhs.gov/news/press/2004pres/20041229.html
The complete DOL press release is available at :
http://www.dol.gov/ebsa/newsroom/pr123004.html

Back to Top

 

Spacer
What is HIPAA?

HIPAA is an acronym for the Health Insurance Portability and Accountability Act of 1996. HIPAA was established within the Clinton administration's health care reform policy, and was enacted to provide better access to health insurance, limit fraud and abuse and reduce administrative costs.

In the coming months, you'll probably hear people refer to "HIPAA" as if it is a single program or project. It's actually a complex legislative act of the federal government, organized into several key titles, or sections (click here to see how the legislation is organized).

Back to Top

 

Spacer
Who does HIPAA affect?

  • Health insurers
  • Doctors
  • Hospitals
  • Employers who provide health insurance
  • Life insurers
  • Anyone who uses health care or health insurance
  • Public health authorities
  • Billing agencies
  • Information system vendors
  • Health service organizations

Back to Top

 

Spacer
What will HIPAA change?

HIPAA is an extensive law made up of five titles with many complexities. Numerous regulations are still under development and are not final.

Highmark Blue Shield is working on all HIPAA requirements. The four main areas of focus are administrative simplification, fraud and abuse, insurance reform and HIPAA companion legislation.

Back to Top

 

Spacer

Spacer
Administrative simplification

Administrative simplification is broken down into several sections.

  • Electronic health transaction standards and code sets – The implementation of a national standard for transmitting health data electronically and the use of standard code sets that describe diseases, injuries and other health problems.

  • Unique identifiers* – A system that uses one identification number per employer, health plan or payer and health care provider to simplify administration.

  • Security – The safeguard for the storage, access and transmission of electronic patient information.

  • Privacy – It generally limits the use or disclosure of protected health information to a minimum necessary standard. It also gives patients the right to see and get copies of their records, request amendments to their records and learn details of certain disclosures of their records.

*Denotes a proposed rule which may vary from its original specifications and is not yet final.

Back to Top

 

Spacer

Spacer
Fraud and abuse

Fraud and abuse - Magnifying glassAnother issue on the forefront is the reduction of fraud and abuse. The US General Accounting Office has estimated that 11 cents of every health care dollar is spent fraudulently.

To remedy this problem, HIPAA established a fraud and abuse control program, which makes it easier to pursue and punish those suspected of fraudulent activity. It also provides safety for whistle blowers.

Highmark Blue Shield is actively involved in investigating health insurance fraud.

Back to Top

 

Spacer

Spacer
Insurance reform

Six insurance reform provisions make health insurance easily accessible and portable. These provisions are already in effect at Highmark Blue Shield.

  1. Certificates of creditable coverage – If you change jobs or lose your health coverage, your previous employer or insurance company is required to issue you a certificate. This certificate will provide evidence of your prior coverage, which can be applied to any pre-existing condition waiting period on your new health insurance.

  2. Pre-existing conditions and waiting periods – A maximum 12-month waiting period (18 months for late enrollees) for coverage for any preexisting condition for which medical advice, diagnosis, care or treatment has been received or recommended within the past six months.

  3. Breaks in coverage – More than 63 days of not carrying insurance is considered a significant break in coverage. If this occurs, you will not be eligible to reduce a preexisting condition waiting period with creditable coverage.

  4. Special enrollment provision – Allows immediate enrollment into your employer's health insurance plan if you lose other (i.e. spouse's) coverage or if there is an addition to the family.

  5. Availability and renewability of health insurance coverage – Health plans cannot base enrollment on health status.

  6. Pre-emption provisions – The HIPAA federal regulations will replace existing state laws. However, if a state already has a law that meets or exceeds HIPAA regulations, the state law will remain in effect.

Back to Top

 

Spacer

Spacer

HIPAA companion legislation

The following HIPAA companion legislation increases specific health benefits:

  1. The Women's Health and Cancer Rights Act of 1998 (WHCRA) applies to group plans and self-insured plans. It states that if your insurance covers a mastectomy, then it must also cover breast reconstruction. WHCRA does not, however, require health plans to cover mastectomies.

  2. The Newborn's and Mother's Health Protection Act of 1996 (NMHPA) applies to group plans and self-insured plans. It states that if your health plan covers hospital stays following childbirth, they must cover a 48-hour stay for vaginal delivery and 96-hours following a cesarean section delivery.

    Your health plan does not have to cover the full 48-hour (or 96-hour) period if your physician speaks with you and determines you or your child can be discharged earlier.

    NMHPA does not, however, require health plans to cover hospital stays in connection with childbirth.

  3. The Mental Health Parity Act of 1996 (MHPA) applies to group plans with more than 50 workers. It states that if your plan covers mental health, the dollar limit on those benefits cannot be less than the limit on medical and surgical benefits. MHPA does not however, require health plans to cover mental health.

    Update — On Dec. 19, 2003 President Bush signed into law the Mental Health Parity Reauthorization Act of 2003 (Public Law 108-197). This law amends the Employee Retirement Income Security Act of 1974 and the Public Health Service Act to extend the mental health benefits parity provisions through Dec. 31, 2004.

Back to Top

 

Spacer

Spacer
Other HIPAA regulations

HIPAA contains additional regulations in three more sections of the law.

  1. A government regulation that standardizes the amount you can save per person in a pre-tax medical savings account.

  2. Broadened information on insurance reform provisions and detailed explanations.

  3. Regulations on how employers can deduct company-owned life insurance premiums for income tax purposes.

For more information on these regulations and the associated titles, click here.

Back to Top

 

Spacer

Spacer
Highmark's Progress

HIPAA is being addressed as a corporate priority. The following information is to provide you with appropriate assurances that Highmark Blue Shield is taking prudent steps to address all HIPAA requirements:

We formed a Corporate Steering Committee, comprised of Senior Management, to oversee all HIPAA activities. The committee meets on a regular basis to review progress, address issues and provide management direction.

In addition to the Corporate Steering Committee there are numerous Work Groups and Task Forces that each address a specific aspect of HIPAA.

Highmark Blue Shield has established a HIPAA Division within the company. This division is comprised of the following areas:

  • Project Management – This department maintains the HIPAA Project Plan, coordinates HIPAA activities, performs progress tracking, and reports to management.

  • HIPAA Knowledge Center – This department stays abreast of HIPAA legislation and regulations; interprets the legislation in regard to how it will impact our business and systems; participates in national healthcare related forums and associations that are focused on sharing HIPAA knowledge, implementation recommendations, and issue resolutions; coordinates project activities with our business partners; and serves as a knowledge base in the support of Trading Partners during their HIPAA Transactional and Code Set ValidatorTM testing with Highmark.

  • HIPAA Education and Communication – This department is accountable for HIPAA awareness within Highmark Blue Shield as well as with the external business partners and customers; coordinates the education and training initiatives that are needed due to HIPAA mandated training or that are needed because of HIPAA changes that alter existing business processes; and handles the research and response to all incoming internal and external communications inquiries.

  • HIPAA Claims Systems – This department has accountability for the system maintenance of the main claim processing system used within the company. They conduct the HIPAA system changes, perform the various types of required testing, and implement the changes into production.

  • HIPAA Claims Business – This department has accountability for identifying and documenting all required changes to the main claim processing system used within the company, developing test data, and performing testing for the claim processing system.

  • HIPAA Membership and Provider Services – This department is responsible for the HIPAA changes that impact membership and provider processes.

  • Privacy Department – This department is working closely with the HIPAA Division and is leading the initiative to bring us into compliance with the HIPAA Privacy Rule. The Privacy Department, through a HIPAA Security Official, has accountability for the implementation of the HIPAA Security requirements. Corporate privacy policies and departmental procedures, which will incorporate the results of earlier data flow studies, are currently under development and revision. Our applications and business processes have been reviewed, project plans are being created, and modifications have begun.

Image of two peopleHighmark Blue Shield applications and business processes have been inventoried and a gap analysis completed to identify changes that will be needed in order to comply with the transaction and code set portion of administrative simplification portion of the HIPAA legislation. Project plans for the renovation and/or testing of each change have been developed. Renovation and testing activities have begun.

Highmark Blue Shield is communicating with its business partners and customers to identify risks so that their systems or processes will not hinder the ability to comply with HIPAA requirements.

Due to the nature of the HIPAA requirements and the differing mandated effective dates for the various components legislated by HIPAA, staggered implementations are scheduled at Highmark Blue Shield.

  • The portability changes have been completed.

  • The Administrative Simplification changes which include the use of standardized formats and identifiers for data exchange will be phased into production on a quarterly basis and are projected to be completed before the mandated deadline.

  • The Security and Privacy changes are being thoroughly researched and project plans are being developed. Highmark Blue Shield is fully committed to maintaining the highest levels of security and privacy for its members, providers, and clients while ensuring adherence to all applicable Federal and State laws and regulations within the mandated time frames.

Back to Top

 

Spacer

Spacer
Contact us

If you need more information or have questions regarding HIPAA at Highmark Blue Shield, contact us online.

Back to Top

 


footer links