Logo Image

Accredited as a provider of continuing nursing education by the American Nurses Credentialing Center's Commission on Accreditation.

 

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

•Work was being done in the mid 1990s to reform health care. The focus was on providing greater access to health care and addressing administrative concerns.
•In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was enacted into law. The law contains a section known as Administrative Simplification provisions that require HHS to adopt national standards for:
•Electronic transactions and code set standards
•Privacy
•Security
•National identifiers
•HIPAA calls for changes to streamline the administration of health care, it promoted uniformity by requiring standards for several administrative transactions. Under HIPAA, each payer can no longer have unique processes for electronic transactions. When conduction electronic administration transactions, all entities covered under HIPAA must use the same standard format. 

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

•Congress soon recognized that advances in electronic technology could erode the privacy of health information. This led to the incorporation into HIPAA provisions that mandated the adoption of
Federal privacy protections for individually identifiable health information (IIHI). The final privacy rule was published in August 2002. This rule set the privacy standards by three types of covered entities (CEs): health plans, health care clearinghouses, and health care providers who conduct the standard health care transactions electronically.
•HHS published a final Security Rule, February 2003. This Rule set national standards for protecting the confidentiality, integrity, and availability of electronic protected health information (ePHI). Compliance with the Security Rule was required as of April 20, 2005.
•January 23, 2013, HHS announced the final Omnibus Rule, modifying the HIPAA Privacy, Security, and Enforcement. Compliance by BAs and CEs became effective September 23, 2013.
•The Final Omnibus Rule, is based on statutory changes under the HITECH Act, enacted as part of the American Recovery & Reinvestment Act (ARRA) 2009 and the Genetic Information Nondiscrimination Act of 2008 (GINA), which clarifies that genetic information is protected under the HIPAA Privacy Rule and prohibits most health plans from using or disclosing genetic information for underwriting purposes.
• The Final Omnibus Rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law. All CEs and BAs must be in compliance with the Final Rule as of September 23, 2013.

HIPAA is a very robust rule and contains many sections. This training module discusses the current HIPAA Privacy and Security Rules as well as Enforcement and Penalties for non compliance.  The module also provides guidelines for implementing the rules to meet compliance standards within the health care workplace.

•Affordable Care Act: regulations and guidance for the HHS to implement parts of the Affordable Care Act that deal with private and public health insurance
•Patient Safety and Quality Improvement Act of 2005 (PSQIA) Patient Safety Rule: Protects confidential patient safety work product and permitted disclosures of patient safety work product
•Health Information Technology for Economic and Clinical Health (HITECH) Act provides HHS with the authority to write regulation and guidance to support development of a nationwide health information technology infrastructure.
•The Office of the National Coordinator for Health Information Technology’s (ONC) work on eHRs and health IT is governed by HITECH Act regulations.
•The OCR administers the Privacy Rule and the Security Rule

HIPAA Privacy and Security Rules

The HIPAA Rules apply to Covered Entities (CEs) and Business Associates (BAs)

•Individuals, organizations, and agencies that meet the definition of a Covered Entity (CE) under HIPAA must comply with the HIPAA Rules requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information.
•If a CE engages a Business Associate (BA) to help it carry out its health care activities and functions, the CE must have a written BA contract with the BA that establishes specifically what the BA has been engaged to do and requires the BA to comply with the HIPAA Rules requirements to protect the privacy and security of protected health information (PHI). BAs must have BA contract with subcontractor. BA liability flows downstream. Each downstream contract must be as stringent as the one above.
•CEs are liable for violations of BA agent and BAs are liable for violations of a subcontractor agent acting within the scope of agency.

 

A HIPAA covered entity (CE) is any organization or corporation that directly handles protected health information (PHI) or personal health records (PHR). 

A CE is one of the following:

•Health Care Provider: doctors, clinics, psychologists, dentists, chiropractors, nursing homes, pharmacies  (only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard).
•Health Plan: health insurance companies, HMOs, company health plans, government programs that pay for health care (Medicare, Medicaid, military and veterans health care programs).
•Health Care Clearinghouse: entities that process nonstandard health information they receive from another entity into a standard electronic format or data content.

It’s important for all CEs and their administrative workforce including health care providers, Registered Nurses, and other health care workers, to understand HIPAA guidelines for their business associates (BAs).

A Business Associate is one of the following:

•Third party administrator who assists a health plan with claims processing; Patient Safety Organizations and others involved in patient safety activities; Health Information Organizations (e-prescribing gateways or health information exchanges that transmit and maintain PHI and personal health record vendors physicians sponsor for their patients; pharmacy benefits manager; independent medical transcriptionist; Consultant who provides utilization reviews; attorney whose legal services to a health plan involve access to PHI; subcontractors that create, receive, maintain, or transmit PHI on behalf of BAs.
•BAs must comply with the following HIPAA Privacy Rules:
•Agree to terms of a BA agreement related to use and disclosure of PHI
•Provide PHI to Secretary upon demand
•Provide electronic copy of PHI available to an individual related to an individual’s request for an electronic copy of PHI
•Make reasonable effort to limit PHI to the minimum necessary to accomplish the intended use, disclosure, or request
•Enter into a business associate agreement with subcontractors that create or receive PHI on their behalf. BAs are responsible for their subcontractors.
•Be directly liable for violations of HIPAA Privacy Rules
•Physicians are liable for actions of their BAs who are agents, but not for actions of those BAs who are independent contractors.
•BA agreements
•HIPAA requires CEs to enter into a HIPAA-compliant BA agreement with each of the health plan’s BA that performs services for the health plan and has access to PHI.

 

 

 

Group Account Features

Our LMS is built to handle groups and corporate accounts ranging from a few employees to tens of thousands.

More Info

Host Our Courses on Your LMS

Do you have over 100 employees and want to host our courses on your internal LMS? Contact us to find our how.

Contact Us

Our Features

  • ANCC Accredited
  • Nationally Recognized Certificate
  • US Board Certified Planners & Presenters
  • Based on Latest Guidelines
  • 30 Day Money Back Guarantee
  • Free Retakes on Exam Until You Pass
  • Instant Access - 100% Online
  • Access 24/7 from Anywhere
  • No Recurring Fees
  • Instant Certificate Printing
  • Unlimited Free Support

 

Have Questions?

Call Us
Toll Free: 1.888-362-2288
9am – 5pm MST Monday – Friday
Live Chat

Email Us

Credentialing

Need help understanding the credentialing maze? We can help.

Get Started