APAC: A subsidiary of FPIC Insurance Group, Inc.
Committed to bringing exceptional education, service, and peace of mind



















April 2005 – HIPAA Update: Security Rule
In 2003, standards for the security of electronic protected health information were adopted. The deadline for HIPAA Security Standards compliance is April 20, 2005. Like the HIPAA Privacy Rule, the security standards outline the minimum safeguards “to ensure the integrity and confidentiality of protected health information and to protect against any reasonably anticipated threats or hazards to the security or integrity of the information and unauthorized use or disclosure of the information.” [1]

[1] “Health Insurance Reform: Security Standards,” Federal Register, Volume 68, Number 34, February 20, 2003, p. 8334.

July 2003
Understanding and complying with federal HIPAA regulations may prevent a slow-down or disruption in cash flow for offices involved in electronic transmission of protected health information.

Although the HIPAA Privacy Rule went into effect on April 14, 2003 (see Preventive Action Vol. 17, Nos. 1 & 2), there are still many rumors and misunderstandings about the rule. Remember that where Florida laws are more stringent than the federal HIPAA Privacy Rule, the state law prevails. Such is the case with releasing information to insurance companies. Although HIPAA allows the release of information for payment purposes without the patient’s consent, Florida laws require the patient’s written authorization for release of information to the patient’s health insurance company.

Although the Privacy Rules apply to all forms of protected health information – written, oral and electronic – only covered entities are subject to the rule. Covered entities are only those healthcare providers who are transmitting or receiving protected information electronically.

Deadlines for other components of HIPAA are quickly approaching. The Transaction and Code Set Standards, which become effective on October 16, 2003, require the use of specific formats when conducting certain electronic transactions. They also require the use of current standard codes, such as ICD-9-CM, CDT, HCPC, or CPT-4 codes. Testing between senders and receivers must be conducted prior to the October 16 deadline to prevent disruptions in cash flow.

April 21, 2005, is the deadline to comply with the Security Rule. It sets standards for safeguarding against unauthorized access, alteration, deletion and transmission of electronic protected health information. There are administrative, physical, and technical safeguards included in this rule.

APAC continues to offer guidance materials aimed at assisting with Privacy Rule compliance in your office. You may access the materials from APAC’s risk management website at www.apacinsurance.com or you may request a mailing of the materials by calling the Risk Management Department.

February 2003
Virtually all medical practices meet the definition of a “covered entity” and are thus required to comply with HIPAA privacy rules by April 14, 2003. A “covered entity” is defined as any healthcare provider, health plan, or healthcare clearinghouse, such as a billing service, that transmits any healthcare information in electronic form, which includes telephones, fax machines, and computers.

The final Security Standards Rule has been published in the Federal Register. This rule adopts standards for the security of electronic protected health information that must be implemented by health plans, healthcare clearinghouses, and certain healthcare providers. The use of the security standards will improve the Medicare and Medicaid programs, and other Federal health programs and private health programs. The Security Standards Rule establishes a level of protection for certain electronic health information. The final rule implements some of the requirements set forth by HIPAA. The effective date of the rule is April 21, 2003, and compliance for covered entities, with the exception of small health plans, is April 21, 2005. Small health plans must comply with the requirements of this final rule by April 21, 2006. (See Federal Register, Volume 68, No. 34, Thursday, February 20, 2003, Rules and Regulations, Part II, Department of Health and Human Services, Office of the Secretary, 45 CFR Parts 160, 162, 164.)

January 2003
Numerous modifications made to HIPAA’s Privacy Rule have been published in the Federal Register. The Privacy Rule, as modified, establishes, for the first time, a national framework of mandates aimed at protecting the privacy and confidentiality of health information in an era of advancing technology. The deadline for compliance with the HIPAA Privacy Rule is April 14, 2003.
