Massachusetts Massachusetts Massachusetts
Bulkley, Richardson and Gellinas
Home About the Firm Practice Areas Directions Attorneys News Community Contact Us Employment
 

Other Bulletins

August 2002
Health Law Newsletter

HIPAA Compliance Deadlines Near
byKelly A. McCarthy, Esq.

If you have not already started, now is the time to begin your efforts to prepare your business or health care practice for HIPAA compliance. HIPAA – the federal Health Insurance Portability and Accountability Act of 1996 – contains a number of provisions that affect health care providers and health plans, including certain employee benefit plans for health care offered by employers. Below is a quick recap of three key sets of HIPAA regulations, which should be central to your HIPAA compliance efforts:

Electronic Transactions and Code Set Standards

These regulations have a compliance deadline of October 16, 2002. They set forth a national format standard for certain electronic transactions. They require that covered entities use a standard format when electronically exchanging health care information concerning: health claims, health care payment and remittance advice, coordination of benefits, health claim status, enrollment and disenrollment in an health plan, eligibility for a health plan, health plan premium payments, referral certification and authorization, and first report of injury. In addition, these regulations require the use of certain code sets (CPT-4 and HCPCS for physician services) when encoding various medical data.

Few covered entities will be ready to comply with these regulations by October 16, 2002. To extend the compliance deadline for these regulations by one year (to October 16, 2003), however, a covered entity must submit a plan for compliance with these electronic transactions and code set HIPAA regulations by October 15, 2002. This can be done on-line. The compliance plan must include, among other things, a budget, work plan, schedule, and implementation strategy.

Security and Electronic Signature Standards

No compliance date has been established yet for these regulations, which have not yet been published as final. Proposed security and electronic signature regulations were issued August 17, 1998. These proposed regulations concern standards for the security of individually identifiable health information and for electronic signature use by covered entities. They address administrative, technical, and physical safeguards that covered entities, as well as the trading partners of covered entities, must use to maintain the security of all electronically stored, maintained, or transmitted individual health information.

Privacy of Individually Identifiable

Health Information Standards

The deadline for compliance with the HIPAA privacy regulations is April 14, 2003. Final HIPAA privacy regulations were published on December 21, 2000, and final modifications to the regulations were published on August 14, 2002. The regulations online. These regulations are intended to protect the privacy of individually identifiable health information and to provide enumerated rights to patients with regard to their health information. They include requirements that covered entities develop privacy practices and train personnel about them, provide a notice of their privacy practices to their patients, obtain authorization from patients for use of health information that is not related to treatment, payment, or health care operations, and allow patients to obtain copies of and request changes to their health records. They also require that business associates receiving private health information execute contracts agreeing to comply with these HIPAA privacy regulations. Each covered entity must designate a privacy official within its organization who will be responsible for developing and implementing privacy policies, educating employees, conducting privacy audits, and functioning as a liaison with patients and government officials concerning HIPAA compliance issues and patient privacy. Businesses and employers that are not health care providers or health plans also have legal obligations under these HIPAA privacy regulations if they offer employee welfare benefit plans for health care to their employees.

If you would like additional information or assistance to help your health care practice or business meet its HIPAA compliance legal obligations, please contact Kelly A. McCarthy, Esq., Coordinator of the BR&G Health Law Practice Group, at (413) 272-6306, or Elizabeth H. Sillin, Esq., a member of the Group, at (413) 272-6296.

News & Articles
The Largest Firm in Western Massachusetts
About the Firm | Practice Areas | Directions | Attorneys | News | Community | Contact Us | Employment
LexisNexis: Martindale-Hubbell
Advertising. In accordance with rules established by the Supreme Judicial Court of Massachusetts. This web site must be labeled "advertising." It is designed to provide general information for clients and friends of the firm and should not be construed as legal advice, or legal opinion on any specific facts or circumstances.This web site is designed for general information only. The information presented at this site should not be construed to be formal legal advice nor the formation of a lawyer/client relationship. [ Site Map ]