HIPAA Privacy Rule
HIPAA Privacy Rule
The HIPAA Privacy Rule requires that covered entities (and business associates) develop safeguards to protect the privacy of personal health information (PHI). Covered entities are defined in the HIPAA rules as (1) health plans, (2) healthcare clearinghouses, and (3) healthcare providers who electronically transmit any health information in connection with transactions for which the federal Department of Health and Human Service (HHS) has adopted standards.
Generally, these transactions concern billing and payment for services or insurance coverage. For example, hospitals, academic medical centers, physicians, and other healthcare providers who electronically transmit claims transaction information directly or through an intermediary to a health plan are covered entities. Covered entities can be institutions, organizations, or persons.
What are Healthcare Clearinghouses?
Health plans are simple to define. Health plans are individual or group plans that provide or pay the cost of, medical care.
Healthcare providers are relatively simple to define. A healthcare provider is an individual or entity that provides medical or health services.
The term “healthcare provider” also encompasses and any other person or organization who furnishes, bills, or is paid for healthcare in the normal course of business.
But what are healthcare clearinghouses?
The HIPAA regulations define a healthcare clearinghouse as:
A public or private entity (including a billing service, repricing company, community health management information system or community health information system, and value-added networks and switches), that does either of the following functions:
- Processes or facilitates the processing of health information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction; or
- Receives a standard transaction from another entity and processes or facilitates the processing of health information into nonstandard format or nonstandard data content for the receiving entity.
How Do Healthcare Clearinghouses Work?
Healthcare clearinghouses, often referred to as “medical claims” clearinghouses, act as third-party intermediaries between providers of healthcare, and those who pay for healthcare – that is, health insurers (health plans).
Let’s start at the beginning. A provider treats a patient. The provider’s office then generates a claim for payment, and files that claim in its medical billing software. The bill must ultimately be received by the health insurer so the insurer can pay its portion of the bill (and so the provider can be compensated for the services it rendered)
The claim filed in the medical billing software, is then transformed into a file that is compliant with the American National Standards Institute (ANSI) format. An ANSI format is an encoding format – it converts text into a series of numbers. The numbers, called “numerical character sets,” can subsequently be decoded.
Once the file is “ANSI-compliant,” the provider uploads the file to the healthcare clearinghouse. The clearinghouse, through a process known as “scrubbing,” examines the file for errors, and verifies that the claim can be read by the insurer’s software.
After scrubbing, the file is sent to the insurer. The insurer examines the file, and notes whether errors exist (i.e., whether an incorrect billing code was entered, or whether the amount charged for a service is inaccurate). Finally, the insurance company, using its healthcare clearinghouse, securely transmits either a denial of the claim or an acceptance of the claim to the provider.
Clearinghouses’ work necessarily involves their exposure to PHI; the text translated into the ANSI format – that is, the claim, contains protected health information such as patient name, address, phone number, medical record number, health plan beneficiary number, and other information that the law defines as PHI.
Compliancy Group Simplifies HIPAA Compliance
Compliancy Group was founded to help simplify the HIPAA compliance challenge. We give healthcare organizations everything they need to address the full extent of the HIPAA regulations. Our ongoing support and web-based compliance app, The Guard™, gives healthcare organizations the tools to address the law so they can get back to confidently running their business.
Find out how Compliancy Group has helped thousands of organizations like yours Achieve, Illustrate, and MaintainTM their HIPAA compliance!