The two main areas of the new law are as stated in the name, Portability and Accountability.  These refer to the ability to send electronically to all insurance companies using the same format (Portability), and building security into office procedures and office software (Accountability).

Portability

Portability refers to the ability to file claims electronically, check claims status electronically, receive payments electronically, and to do membership verification electronically.  It means, from a computer standpoint, that every medical office/clinic/billing service should be able to:

    1.  Verify patient insurance in a matter of a minute or two at any time of night or day right from your practice management software.
    2. Get authorizations requested from insurance companies immediately through your in-house software.
    3.  File all insurance claims electronically, probably direct through the internet.
    4.  Check on the status of any outstanding insurance claim with a touch of the button by having your practice management software do it automatically.
    5.  Receive payments from insurance companies and have them automatically post into your accounts without requiring them to be input manually, and have the money automatically deposited into the office bank account.

There are other areas that are part of this group, but these are the main ones.  Insurance companies will be required to accept these requests and provide these responses electronically.  Many are already testing parts of these abilities. 

Accountability

A better word for accountability is security.  Medical offices will be required to have a security officer, and written and implemented security procedures for release of patient information and patient records.  Offices may find themselves liable if medical information is given out to those not authorized, even down to someone overhearing a conversation between office staff where a patient's name is mentioned out loud. Scheduling a specific appointment for a patient where others can hear about it could violate the law.  Every Medical Office should be checking into the requirements for this!  There are links to national HIPAA pages at the bottom of this page.

Signed documents will be required from patients for any release of information to insurance filing, or for research studies.

Computers will have to have much greater security.  A track record of who has accessed patient records, what was printed or displayed, when and by whom, will be necessary.  Offices may need to print out listings of records accessed for a specific time frame.  Security will have to be in place limiting access to records to specific personnel.  Notification lists may be needed for patients whose records have been/will be accessed, and audit trails of these items may be necessary for the medical offices.

All data on your computers will have to be encrypted, so that someone cannot copy it off and search the data for information.

These areas are still being revised and re-written, and may change a lot before enforcement of them is started.  Keep checking with us or your local HIPAA guideline office.  We will keep links and changes updated.

Other

Other changes that will affect us shortly are

    1.  Release of the new ICD10 diagnosis codes to replace the ICD9 codes.  The old format of XXX.XX codes will be a thing of the past.  The new format will have up to seven digits to the left of the period, and up to 14 digits to the right. The new codes could look like XXXXXXX.XXXXXXXXXXXXXX. (eek!)
    2.  NPI (National Provider ID) codes that may augment (or replace) the UPIN codes.  Every doctor may have one assigned, as well as each medical group or clinic entity.
    3. NDC codes may replace the old J codes in the CPT or HCSPCS listings.
    4.  Payer assigned ID codes may be required from each insurance company, or plan within a company, or....?

Other sites include:

Health and Human Services Administration

Washington Publishing Company - HIPAA guides

Federal Register