HIPAA is the Health Insurance Portability and Accountability Act,
passed by Congress and signed by President Clinton way back in 1996.
It took effect on October 16, 2000, with all aspects of its laws
required to be in place on or prior to October 16, 2002.
The two main areas of the new law are as stated in the name,
Portability and Accountability. These refer to the ability to send
electronically to all insurance companies using the same format
(Portability), and building security into office procedures and office
Portability refers to the ability to file claims electronically,
check claims status electronically, receive payments electronically,
and to do membership verification electronically. It means, from a
computer standpoint, that every medical office/clinic/billing service
should be able to:
1. Verify patient insurance in a minute or two at
any time of night or day right from your practice management software.
2. Get authorizations requested from insurance companies
immediately through your in-house software.
3. File all insurance claims electronically, probably direct
through the internet.
4. Check on the status of any outstanding insurance claim at the
touch of a button by having your practice management software do it
5. Receive payments from insurance companies and have them
automatically post into your accounts without requiring them to be
input manually, and have the money automatically deposited into the
office bank account.
There are other areas that are part of this group, but these are
the main ones. Insurance companies will be required to accept these
requests and provide these responses electronically. Many are already
testing parts of these abilities.
A better word for accountability is security.
Medical offices will be required to have a security officer, and
written and implemented security procedures for release of patient
information and patient records. Offices may find themselves liable
if medical information is given out to those not authorized, even down
to someone overhearing a conversation between office staff where a
patient's name is mentioned out loud. Scheduling a specific
appointment for a patient where others can hear about it could violate
the law. Every medical office should be checking into the
requirements for this! There are links to national HIPAA pages at the
bottom of this page.
Signed documents will be required from patients for any release of
information for insurance filing or for research studies.
Computers will have to have much greater security. A track record
of who has accessed patient records, what was printed or displayed,
when and by whom, will be necessary. Offices may need to print out
listings of records accessed for a specific time frame. Security will
have to be in place limiting access to records to specific personnel.
Notification lists may be needed for patients whose records have
been/will be accessed, and audit trails of these items may be
necessary for the medical offices.
All data on your computers will have to be encrypted, so that
someone cannot copy it off and search the data for information.
These areas are still being revised and re-written, and may change
a lot before enforcement of them is started. Keep checking with us or
your local HIPAA guideline office. We will keep links and changes
Other changes that will affect us shortly are:
1. Release of the new ICD-10 diagnosis codes to replace
the ICD-9 codes. The old format of XXX.XX codes will be a thing of the
past. The new format will have up to seven digits to the left of the
period, and up to 14 digits to the right. The new codes could look
like XXXXXXX.XXXXXXXXXXXXXX. (eek!)
2. NPI (National Provider ID) codes that may augment (or
replace) the UPIN codes. Every doctor may have one assigned, as well
as each medical group or clinic entity.
3. NDC codes may replace the old J codes in the CPT or
4. Payer-assigned ID codes may be required from
each insurance company, or plan within a company, or....?
Other sites include:
Health and Human Services
Publishing Company - HIPAA guides