Title II Administrative Standards
Transaction and Code Set
The Secretary of Health and Human Services is adopting standards for the following administrative and financial health care transactions:
- Health claims and equivalent encounter information.
- Enrollment and disenrollment in a health plan.
- Eligibility for a health plan.
- Health care payment and remittance advice.
- Health plan premium payments.
- Health claim status.
- Referral certification and authorization.
- Coordination of benefits.
For the average health care provider or health plan, the Privacy Rule requires activities, such as:
- Notifying patients about their privacy rights and how their information can be used.
- Limiting release of information to the minimum reasonably needed for the purpose of the disclosure.
- Giving patients the right to examine and obtain a copy of their own health records and request corrections.
- Empowering individuals to control certain uses and disclosures of their health information.
- Adopting and implementing privacy procedures for its practice, hospital, or plan.
- Training employees so that they understand the privacy procedures.
- Designating an individual to be responsible for seeing that the privacy procedures are adopted and followed.
- Holding violators accountable, with civil and criminal penalties that can be imposed if they violate patients' privacy rights.
- Striking a balance when public responsibility supports disclosure of some forms of data - for example, to protect public health.
- Securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them.
The proposed security standard addresses the following policies, practices, and procedures:
- Security and confidentiality policies
- Information security officers
- Education and training programs
Technical Practices and Procedures
- Individual authentication of users
- Access controls
- Audit trails
- Physical security and disaster recovery
- Protection of remote access points
- Protection of external electronic communications
- Software discipline
- System assessment
This rule proposes a standard for a national employer identifier and requirements concerning its use by health plans, health care clearinghouses, and health care providers. The health plans, health care clearinghouses, and health care providers would use the identifier, among other uses, in connection with certain electronic transactions.
Who must comply with these new HIPAA standards?
As required by Congress in HIPAA, the Privacy Rule covers:
- Health plans
- Health care clearinghouses
- Health care providers who conduct certain financial and administrative transactions electronically.