HIPAA is Health Insurance Portability and Accountability Act of 1996-A law mandating that anyone belonging to a group health insurance plan must be allowed to purchase health insurance within an interval of time beginning when the previous coverage is lost. The law protects employees, especially those with long-term health conditions who may be reluctant to leave jobs because they are afraid pre-existing condition clauses will limit coverage of any such conditions under a new insurance plan, from losing health insurance due a change in employment status. This act was basically designed to protect the privacy rights of individuals with regard to their confidential medical records. The act greatly restricts the dissemination and transmittal of personal patient information and has dramatically affected the way healthcare information is handled. HIPAA regulations have also tried to restrict the use of preexisting condition exclusions, create special enrollment periods and prohibit discrimination based on health-status related conditions in enrollment and premiums.
HIPAA - Primary objectives
This act was a result of congressional healthcare reform proponents to reform healthcare. The four primary objectives it serves to achieve are:
· Reduce healthcare fraud and abuse
· Assure health insurance portability by eliminating job-lock due to pre-existing medical conditions
· Enforce standards for health information
· Guarantee security, privacy and confidentiality of patient health information
Of the four primary objectives, the fourth objective has the most impact on medical transcription since it deals with handling and transfer of sensitive information of patient health data usually in electronic form. All transcription organizations therefore must be able to support two requirements:
1. Ensure the security and confidentiality of the patient’s Protected Health Information and
2. Maintain an audit trail of all individuals who have had access to Protected Health Information.
This means that transcription service providers must implement technology and business processes in their operation to support these two major requirements.
HIPAA Regulations and its reach-HIPPA regulations have been devised to have broad application with a variety of extensions. These provisions extend to all health care providers who transmit health records in an electronic format and health care billing companies. The Act refers to these organizations as "Covered Entities". Most Medical Transcription Services and their employees are not considered "Covered Entities" under the Act unless their organization also engages in services that put them in the category of "Covered Entity". Medical Transcription Services are typically regarded under the Act as "Business Associates".
Covered Entity and Business Associate
HIPAA defines a Covered Entity (CE) as a health plan, a healthcare clearinghouse, or a healthcare provider who transmits any health information in electronic form in connection with a HIPAA transaction. A physician’s office thereby would fall under the category of a Covered Entity.
The Act defines a Business Associate as "any person or organization that performs a function or activity on behalf of a Covered Entity, but is not part of the Covered Entity's workforce (employees, volunteers, trainees and others) under the Covered Entity's direct control, regardless of whether they are paid by the Covered Entity." A medical transcription service provider would be classified under the definition of a Business Associate.
As a Business Associate, the Medical Transcription Service may not be directly governed by HIPAA regulations. But however, indirectly, the Business Associates are governed in accordance with the fact that Covered Entities are required to obtain written assurances from the Business Associates that they deal with to ensure that patient identifying information is appropriately safeguarded. These written assurances must be included in a written contract between the Covered Entity and the Business Associate.