The HIPAA Electronic Data Exchange (EDI) provision was scheduled to take effect in October 2003. Due to widespread confusion and difficulty in implementing the rule one-year extension was granted by Centers for Medicare & Medicaid Services (CMS), but since in one year full implementation was not achieved an open-ended "contingency period" started. Penalties for non-compliance were not levied; however, all parties are expected to make a "good-faith effort" to come into compliance. (see http://www.cms.hhs.gov/TransactionCodeSetsStands/02_TransactionsandCodeSetsRegulations.asp#TopOfPage).
The code sets represent Current Procedural Terminology (CPT) codes (https://catalog.ama-assn.org/Catalog/cpt/cpt_home.jsp), International Classification of Diseases (ICD) (http://www.who.int/classifications/icd/en/index.html), National Drug Code (NDC) (http://www.fda.gov/cder/ndc/).
Monday, April 30, 2007
HIPAA Privacy Rule
The HIPAA Privacy Rule regulates how certain entities, called covered entities, use and disclose certain individually identifiable health information, called protected health information (PHI). Among other provisions, the Privacy Rule:
· gives patients more control over their health information;
· sets boundaries on the use and release of health records;
· establishes appropriate safeguards that the majority of health-care providers and others must achieve to protect the privacy of health information;
· generally limits release of information to the minimum reasonably needed for the purpose of the disclosure;
· generally gives patients the right to obtain a copy of their own health records and request corrections; and empowers individuals to control certain uses and disclosures of their health information.
Patients' Clinical Data Management and HIPAA
Clinical data management (CDM) systems and increasing automation of the electronic medical record ("EMR") present significant patient privacy and confidentiality issues.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets standards for protecting the privacy of persons' health records. These rules apply to “covered entities” as defined by HIPAA and the Department of Health and and Human Services (HHS). Covered entities include health plans, health care clearinghouses, such as billing services and community health information systems, and health care providers that transmit health care data in a way that is regulated by HIPAA.
PHI (Protected Health Information) is any information about health status, provision of health care, or payment for health care that can be linked to an individual. This is interpreted rather broadly and includes any part of a patient’s medical record or payment history.
Per the requirements of HIPAA Title II (named: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform), the HHS has promulgated five rules regarding Administrative Simplification: the Privacy Rule, the Transactions and Code Sets Rule, the Security Rule, the Unique Identifiers Rule, and the Enforcement Rule.
Where Should Patients Medical Records (PHR) Be Available
Medical data have always been exchanged between care providers. The scope extands far beyond the walls of the facility where a patients is usually seen.
Care management organisations would like to have medical information available for questions about eligibility for treatment. Delivery networks (such as hospitals and clinics) would like PHR to be available to the services within the system (clinical, administrative, and financial). Individual healthcare providers would like the PHR to be available to them as the patient enters their practice. Patients will want their records to be available wherever they present themselves to get care.
Traditional methods include the telephone, fax, and post, but these are inferior to computerised communication methods in ease of use, speed of access, cost, and reliability. The development of email has made medical data exchange simple and quick, but it is still considered insecure and operates only between users who know each other's address. Depending on the parties involved, email correspondence may be slow or unreliable. Evidently, any system that attempts to provide the "correct" scope of access should be able to cover all of the above simultaneously. In consequence, such a system should focus on a flexible delivery mechanism. As the location of the point of care cannot be predetermined, global availability is needed. The world wide web could fulfil this requirement.
Care management organisations would like to have medical information available for questions about eligibility for treatment. Delivery networks (such as hospitals and clinics) would like PHR to be available to the services within the system (clinical, administrative, and financial). Individual healthcare providers would like the PHR to be available to them as the patient enters their practice. Patients will want their records to be available wherever they present themselves to get care.
Traditional methods include the telephone, fax, and post, but these are inferior to computerised communication methods in ease of use, speed of access, cost, and reliability. The development of email has made medical data exchange simple and quick, but it is still considered insecure and operates only between users who know each other's address. Depending on the parties involved, email correspondence may be slow or unreliable. Evidently, any system that attempts to provide the "correct" scope of access should be able to cover all of the above simultaneously. In consequence, such a system should focus on a flexible delivery mechanism. As the location of the point of care cannot be predetermined, global availability is needed. The world wide web could fulfil this requirement.
Subscribe to:
Posts (Atom)