Welcome to TechnologyProfessional.Org

Advance the profession. Advance your career.

Login now!

Member Login

Lost your password?

Healthcare and HIPPA

August 24, 2009

Today’s economy is in critical condition. Almost anyone you ask will agree. Businesses are downsizing, while job seekers are coming up empty handed. Those who are unemployed lack so much more than a salary. To lose a job is also to lose health insurance. What, then, can you do if you get sick on a tight budget and you have no insurance?

In 1996, the United States Congress addressed this dilemma via the Health Insurance Portability and Accountability Act (HIPAA). HIPAA consists of two parts—Title I and Title II. Title I provides insurance to those who lose or change jobs. Title II, which includes the Administrative Simplification (AS) provisions, monitors the use of patient information for the sake of privacy. Title II also promotes the use of an “electronic data interchange,” or an information sharing system.


Title I provides several services. First, it seeks to provide insurance to those who have been affected by downsizing or a career change. Second, “it revised the Employee Retirement Income Security Act, the Public Health Service Act, and the Internal Revenue Code.” The Employee Retirement Income Security Act maintains pension plan and federal income tax activity, and the Public Health Service Act provides certain health services to those in need. The Internal Revenue Code is not an act, but rather it governs the payment of US taxes.


Title II, with the AS provisions, establishes how certain organizations can use your health information as well as how you can access it. Further, it addresses healthcare laws and what can happen to those who abuse the healthcare system. Finally, Title II aims to streamline the healthcare system via the Privacy Rule, the Transactions and Code Sets Rule, the Security Rule, the Unique Identifiers Rule, and the Enforcement Rule.

Privacy Rule

In April 2003, HIPAA established the Privacy Rule. As its name suggests, the Privacy Rule governs the use of public health information, or an establishment’s healthcare data as it pertains to individuals. The Privacy Rule also emphasizes that establishments should disclose as little information as possible for the sake of treatment, payments, and other such care. The rule also advocates accuracy and confidentiality and allows for disclosure during cases of child abuse. Further still, establishments must stay informed and current on the laws that govern public health information. They must employ a Privacy Official as well as an individual trained to receive privacy complaints. Finally, establishments must train all employees in the lawful maintenance of public health information.

EDI Provisions

On July 1, 2005, after quite a bit of conflict, the Transactions and Code Sets Rule was implemented. The first of those transactions is the EDI Health Care Claim Transaction Set. This transaction specifies the use of most healthcare billing information, except in the case of pharmacy claims. Most often, the data moves from payer to provider, from payer to payer, or from payer to relevant organization. The second of these transactions is the EDI Retail Pharmacy Claim Transaction. This transaction regulates the use of data during pharmacy billing and services.

The EDI Health Care Claim Payment/Advice Transaction Set is another rule, which enables one to make a payment and submit an Explanation of Benefits (EOB). The forth installment is the EDI Benefit Enrollment and Maintenance Set. It allows employers, unions, and agencies to register individuals with a paying organization, including health insurance companies and government programs. Financial organizations use the EDI Payroll Deducted and other group Premium Payment for Insurance Products to deliver payments to recipients.

Further still, healthcare members can use EDI Health Care Eligibility/Benefit Inquiry to acquire knowledge about benefits and eligibility. Upon inquiry, the relevant representatives can answer such questions via the EDI Health Care Eligibility/Benefit Response. Also, payers, providers and agents can inquire about the status of a health care claim as noted in the EDI Health Care Claim Status Request. To inform others of such a status, the same individuals should use the EDI Health Care Claim Status Notification. When appropriate, qualified associates can, according to the EDI Health Care Service Review Information, report, review and certify the outcome of health care services. Finally, the EDI Functional Acknowledgement Transaction Set defines the control structures for electronically encoded documents.”

As healthcare evolves, individual privacy will remain a prominent concern. As such, HIPAA appears to change steadily in the wake of such concerns. For example, within Title II of HIPAA, one could interpret the Privacy Rule in a number of ways. Generally speaking, however, the Privacy Rule of Title II refers to any portion of one’s payment and medical records. As information exchange becomes more complex, it is possible that the parameters of HIPAA will similarly progress.

Dealing with HIPAA can be a complex process. As a result, some healthcare workers may be tempted to cut corners. But compliance from the medical community is absolutely mandatory. Institutions that support Medicare and Medicaid must meet HIPAA standards in order to provide service. To further emphasize compliance, the United States Congress enforces the Clinical Laboratory Improvement Amendments (CLIA), which advocates prompt test results for patients. Furthermore, the more complex the medical test, the more facilities must adhere to the amendment. One can even find additional levels of compliance within State Survey Agencies, who regulate the standards for CLIA and Medicaid.

HIPPA’s Effectiveness

Although HIPAA may have been well intended, it does not always prove to be effective. Oscar May, formerly the chairman & chief business development officer at Quality Surgery Centers, LLC in Atlanta, Georgia, is aware of some of the shortcomings of the system. For example, people can report HIPAA violations to the Department of Health and Human Services (HHS). But, as May states, “Initially the department lacked aggressive enforcement action against hospitals, doctors, or insurance companies for reported violations.” May continues, “It has also been pointed out that clinical research has been negatively impacted where patients have become reticent to respond to follow-up studies when queried, for fear that their personal data might be mishandled.” May suggests that facilities should exercise “strict adherence to the Patient Bill of Rights put forth under the Clinton Administration” and that Congress should reevaluate the way it spends money to “manage processes that appear to be less than adequate.”


Today, healthcare is so much more than doctors, patients, and prescriptions. Medical services entail the use of private information, insurance companies, and program providers. The medical community, in its entirety, must work to respect patient privacy while preventing fraud and abuse. The system means well but is laced with imperfection. Regardless, in the face of its flaws, one must think … you have to start somewhere.


US Department of Health and Human Services. “Certification & Compliance Overview.” CMS. 1 Jun 2009 .

Wallace, Flynn. “HIPAA.” msstate.edu. 2007. 21 July 2009 .

Weil, Steven. “HIPAA Security Rule.” SecurityFocus.com. 21 July 2009 .

Leave a Reply