It used to be that Compliance Departments within hospitals were part of the office of the Medical Director or General Counsel. Sometimes, the Risk Manager herself played the role of both Risk Manager and when it was necessary, managed compliance issues Sure, Medical Records had compliance responsibilities, but they mostly comprised making sure the appropriate forms were completed (such as pathology and Radiology readings). In the late 1990's, the trend toward digitization of electronic health records raised new health care compliance concerns: privacy and security. HIPAA, which is an acronym for the Health Insurance Portability and Accountability Act of 1996, did not originate in health care compliance, at least not directly. Rather, HIPAA was originally meant to concentrate on portability issues. The goal of HIPAA was to allow a company's employees to move from job to job without their health insurance being affected as a result of denials of enrollment because of preexisting conditions. Yet, HIPAA lawyers (yes, the term was coined during this time) realized that health insurance companies had to perform certain actuarial calculations in order to assess risk and set premiums, and, to that end, they had to review the claims experience. The only practical way to do that was to review the codes used for those claims. There was a problem, though: every state had its own set of claims codes, creating a cyber Tower of Babel." This incited aides to the Congress and Dept. of social services to create a single, unified set of claims codes. Yet, as with most things legislative, this begat another concern: this constant transfer of data meant that there was the possibility of huge security holes wherein unscrupulous individuals or businesses could grab data and use it for nefarious purposes. Accordingly DHHS opened the floor, electronically, to comments about medical privacy and received over forty thousand, including many egregious incidents of misappropriated medical information. These stories led to the HIPAA Privacy Rule, in which criteria for use and disclosures of medical information were established. Shortly thereafter, the HIPAA Security Rule, concerning the creation, storage, uses and disclosures of electronic health information took effect. The combined Rules exceeded 600 pages, and thus a category of healthcare counsel known as "HIPAA Law" was born. HIPAA lawyers and HIPAA consultants worked furiously, as a veritable cottage industry to the medical profession, to prepare for the effective dates of the Privacy and Security Rules. Healthcare compliance, then, added a new and, to some, overwhelming category: privacy and security. These changes have inspired the creation of all sorts of new entire departments within hospitals: privacy offices, medical information offices, and more. This trend was given a significant boost in 2004, when President George W. Bush issued an Executive Order setting in motion a national transition to an interoperable electronic health record system by 2004. Funding for this initiative was established on a regional basis with grants in legislation established by Congress (Hillary Rodham Clinton was a sponsor of one of the first bills). The Office of National Coordinator of Health Information Technology was established in 2004, but there was little coordination because regions of the country were slow to adopt the new technology, in light of the challenges of hospital economics (thin margins, slow reimbursements, etc.). Even so, despite the resistance of medical professionals to give up the comfort of paper and pencil, Medicare, stopped accepting paper claims. In early 2009, there was a law passed that makes it important for Risk Managers and Compliance officers to understand some of the intricacies of HIPAA law as it affects electronic health records. Congress passed and the president signed, as part of the American Recovery and Reinvestment Act, an act intentionally obvious acronym HITECH (Health Information Technology for Economic and Clinical Health). In a reprise of the concerns which led to the implementation of the HIPAA Privacy and Security standards, HITECH did three things that will change the daily activities of Risk Managers, hospital counsel, Privacy Officers and IT and Security Officers. The first thing it does, is provide $30 billion to incentivize the transition of health record systems that are interoperative. Established on January 13, 2010, criteria for access to those funds, principally the ability to exchange electronic health information in an accurate, timely and secure manner. In addition to all that, the third way in which it affects the healthcare industry is that it requires that all information is accessible in a way that is consistent and buttressing old HIPAA privacy and security standards. And, as if this weren't enough for beleaguered hospital staff, the HIPAA Rules were expanded and strengthened. As regulations are promulgated to implement these new rules and statutes hospital staff and executives, with time to learn these laws and regulations at a premium in an era of economic scarcity when they must make do with less, will undoubtedly turn to HIPAA lawyers and those those who specialize in HIPAA consulting. Healthcare compliance will truly become HIPAA compliance.
Article Source: http://www.articlecontentprovider.com/articlesubmit
A brief history of HIPAA and Healthcare compliance law.
Does your company need hipaa lawyers? Our lawyers have vast experience in the area of hipaa consulting and we would love to work with you.
Please Rate this Article
5 out of 5 4 out of 5 3 out of 5 2 out of 5 1 out of 5
