When you are developing your healthcare facility's strategy for HIPAA compliance, you must have complete knowledge of the essential HIPAA requirements. You should also make sure that the business associates who provide your medical billing services comply correctly with these requirements. The following are the four HIPAA requirements you must fully comply with.
1. Privacy Requirement
The HIPAA Privacy requirement sets standards to protect patients’ medical records and all related personal health information. This requirement must be fulfilled by:
• The healthcare clearinghouses
• Health plans
• Healthcare providers
• Their Business Associates
It strongly guards patients’ PHI (Protected Health Information) and medical records. PHI includes all the information related to:
• The patient’s past, current or future physical and mental health condition.
• The patient’s healthcare requirements.
• The past, current or future payments for the provision of healthcare to the patient.
• Common identifiers such as name, address, birth date and Social Security number.
Moreover, certain limits and conditions apply to the various uses and disclosures of PHI. Only the people authorized by the patient can have access to it.
2. Security Requirement
The HIPAA Security requirement sets out the standards, methods, and procedures for the storage, accessibility, and transmission of electronic PHI (ePHI). The Security provision requires three levels of safeguards.
The Administrative Safeguard: It relates to the assignment of a HIPAA Security Compliance Team.
The Technical Safeguard: The technical safeguards deal with encryption and other authentication procedures used to maintain proper control over data access.
The Physical Safeguard: The physical safeguards aim to ensure the protection of the electronic systems, data, information and equipment available at healthcare facilities.
This requirement also:
• Ensures the confidentiality, integrity, and availability of ePHI that is created, maintained and transmitted.
• Ensures compliance by the workforce.
• Provides protection against reasonably anticipated, impermissible uses or disclosures.
• Identifies and protects against predicted threats to the security and the integrity of the ePHI.
3. Transaction Requirement
The electronic exchange of healthcare-related data and information between two parties is called a transaction. The principal purpose of a transaction is to carry out financial and administrative activities. These transactions make operations more efficient and improve the quality and accuracy of the information. They also decrease the overall cost of the medical care system. HHS has adopted the following standard transactions in compliance with HIPAA:
• Claims and encounter information
• Payment and remittance advice
• Claims status
• Enrollment and dis-enrollment
• Referrals and authorizations
• Coordination of benefits
• Premium payment
4. Identifiers Requirement
HIPAA has set standards in the form of “Identifiers” to create a uniform and centralized approach to designating an employee, provider, health plan or patient in electronic transactions. Three identifiers are available for those who use HIPAA-regulated administrative and financial transactions. These are listed below:
NPI: The National Provider Identifier is a ten-digit number used for covered healthcare providers in all HIPAA administrative and financial transactions.
NHI: The National Health Plan Identifier is used to identify health plans and payers under the Centers for Medicare & Medicaid Services (CMS).
EIN: The Employer Identification Number, which identifies the employer.