In 1996, President Clinton supported, and the U.S. Congress enacted, the Health Insurance Portability and Accountability Act (HIPAA). HIPAA enables eligible individuals to purchase health insurance after losing coverage that was sponsored by an employer, regardless of preexisting health conditions. If a person is eligible, all health insurance companies selling individual plans must offer the individual health insurance despite medical conditions and history.
HIPAA performs the following:
- Minimizes health care abuse and fraud
- Allows millions of Americans to transfer and maintain their health insurance coverage upon losing or changing employment
- Requires the safeguarding and confidential treatment of protected health documents and information
- Mandates standards and protocols for information with electronic billing, electronic claims, and other health care processes
HIPAA and The Electronic Data Interchange Rule
A vital component of HIPAA is establishing national standards applicable to all electronic health care transactions. HIPAA also creates national identifiers for employers, providers, and health insurance plans. The intention of utilizing standards is to drastically improve the efficiency and capabilities of the health care system nationally. The use of standards in the health care industry is now ubiquitous.
HIPAA mandates that all covered entities that electronically transmit data must use the electronic data interchange (EDI) protocol X12. The health care industry knows this mandate as the EDI Rule. X12 specifies how the industry is to send data electronically and precisely how all data is to be formatted. Before HIPAA, there were hundreds of different formats for data being transmitted. Now healthcare data is transmitted in a single universal format.
The organizations affected by the EDI Rule include health care providers and clearinghouses that transmit any health information electronically, as well as health plans. Self-funded group health plans that encompass fewer than 50 members are exempt. Self-administered health plans are also exempt. While not all healthcare providers are required to implement EDI, if they electronically transmit health care information, including claims, they are bound by the EDI Rule and must comply.
Typical electronic health care transactions, such as health care claims (837), health care claim payment/advice (835), benefit enrollment and maintenance (834), health care eligibility/benefit inquiry (270) and many more, are mandated to be formatted with X12 and sent via EDI by healthcare companies. The result is a more efficient health care system with reduced administrative overhead and increased accessibility and portability of health care data and documents.
HIPAA Enforcement and Penalties
An organized civil penalty structure for violations of HIPAA was signed into law in 2009 with the American Recovery and Reinvestment Act (ARRA). Penalties are at the discretion of the Secretary of the Department of Health and Human Services. Except in instances of willful neglect, the Secretary is prohibited from enforcing civil penalties for violations corrected within 30 days. The Secretary bases the extent of penalties on the scope and nature of violations, and penalties often include substantial fines and possible prison sentences (fraudulent use of medical information).
The penalties for willful violations are much heavier than those for unknowingly violating HIPAA.
Range of HIPAA violation penalties:
- An individual who unknowingly violates HIPAA (and where it is likely the violation would have occurred even if exercising reasonable diligence) is subject to a minimum of $100 per violation, not to exceed $25,000 annually, and a maximum penalty of $50,000 per violation, not to exceed $1.5 million annually
- Uncorrected violation due to willful neglect carries an equal minimum and maximum penalty of $50,000 per violation, not to exceed $1.5 million annually
A great way to ensure HIPAA compliance is to outsource your EDI service to a Value-added Network (VAN). BOLD VAN is not only a user-friendly EDI provider; we are also HIPAA and X12 experts and stay current on all HIPAA mandates and topics related to EDI.