Health Insurance Portability and Accountability Act (HIPAA)

Chapter 3

Health Insurance Portability and Accountability Act (HIPAA)

Chapter Objectives

1. Define terms, phrases, abbreviations, and acronyms.

2. Discuss the purpose and content of HIPAA regulations.

3. Demonstrate an understanding of the Administrative Simplification section of HIPAA and how it relates to claims processing.

4. Provide an overview of the HIPAA Privacy Rule and how it relates to patient medical information.

5. Discuss provisions outlined under the HIPAA Security Rule.

6. State the importance of HIPAA compliance.

7. List the elements of a compliance plan.

Authorization for release of medical information

Business associate

Civil Monetary Penalties Law (CMPL)

De-identification

Electronic data interchange (EDI)

Employer identification number (EIN)

Health Care Fraud and Abuse Control Program (HCFAC)

Health Information Technology for Economic and Clinical Health Act (HITECH)

Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA) Title I

Health Insurance Portability and Accountability Act (HIPAA) Title II

Incentive Program for Fraud and Abuse

Individually identifiable health information (IIHI)

Kassebaum-Kennedy Legislation

Medicaid Integrity Contractor (MIC)

Medicare Integrity Program (MIP)

National Provider Identifier (NPI)

Office of Civil Rights (OCR)

Office of the Inspector General (OIG)

Patient Protection and Affordable Care Act (PPACA)

Program Safeguard Contractor (PSC)

Protected health information (PHI)

Recovery Audit Contractor (RAC)

Tax identification number (TIN)

Zone Program Integrity Contractor (ZPIC)

Acronyms and Abbreviations

American National Standards Institute

American Recovery and Reinvestment Act

Accredited Standards Committee

Civil Monetary Penalties Law

Current Procedural Terminology

Department of Justice

Electronic data interchange

Employer identification number

Electronic protected health information

Health Care Common Procedure Coding System

Health Care Fraud and Abuse Control Program

Health Insurance Portability and Accountability Act

Health Insurance Portability and Accountability Act Title II: Administrative Simplification

Health Information Technology for Economic and Clinical Health Act

International Classification of Diseases, 9th Revision, Clinical Modification

International Classification of Diseases, 10th Revision, Clinical Modification

International Classification of Diseases, 10th Revision, Procedure Coding System

Individually identifiable health information

Medicaid Integrity Contractor

Medicare Integrity Program

National Provider Identifier

National Plan and Provider Enumeration System

National Provider System

Office of Civil Rights

Office of the Inspector General

Patient Protection and Affordable Care Act

Protected health information

Program Safeguard Contractor

Recovery Audit Contractor

Transaction Code Standards

Tax identification number

Zone Program Integrity Contractor

The objective of this chapter is to provide a basic understanding of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 as it pertains to hospital billing and coding. The implementation of HIPAA has and will continue to have a major impact on health care delivery and the processing of health care transactions. HIPAA includes provisions to improve the portability of health insurance, combat fraud and abuse, and simplify the administration of health insurance. A detailed discussion of all HIPAA provisions is beyond the scope of this text. The chapter will provide a brief overview of the purpose and scope of HIPAA regulations. It is critical for hospital personnel to understand HIPAA regulations to ensure compliance. A discussion of HIPAA portability, administrative simplification, privacy, and security provisions will provide a basic understanding of the mandated standards and the consequence of non-compliance with those standards. The chapter will end with a discussion of the elements of a compliance plan.

HIPAA Overview

During the 1990s, the health care industry was facing major issues related to the rising cost of health care. Legislators continued to develop and implement reimbursement methods designed to control health care cost. Health care leaders were called on to identify other issues that contributed to the rising cost of health care. Several contributing factors were identified. The limited access and portability of health insurance coverage was one factor identified. Many individuals did not have health insurance coverage or lost insurance coverage because of limited access or the inability to continue coverage after a job change. Fraud and abuse were other factors identified. The government estimates that billions of dollars are lost to fraud and abuse on an annual basis. The administrative cost of processing health care transactions was seen as another factor. It is estimated that billions of dollars annually are spent on the administration of health insurance. Legislation was developed and passed to address the factors that contributed to the rising cost of health care. The Health Insurance Portability and Accountability Act (HIPAA), also known as the Kassebaum-Kennedy Legislation, was passed by Congress to improve access to health care; provide portability of health insurance coverage; combat waste, fraud, and abuse; and simplify the administration of health insurance.

HIPAA Legislation

HIPAA legislation is outlined under Public Law 104-191. HIPAA was passed by Congress in 1996. HIPAA provisions have been implemented in phases since the legislation was passed. Additional provisions of HIPAA are slated for implementation through 2016. The purpose of the act was to amend the Internal Revenue Code of 1986 to address many health care-related issues, including the continuance of insurance coverage, fraud and abuse, and administrative simplification. HIPAA legislation is broken down into the following five sections, referred to as titles:

• Title I: Health Insurance Reform (Health Care Access, Portability, and Renewability)

• Title II: Preventing Health Care Fraud and Abuse, Administrative Simplification, and Medical Liability Reform

• Title III: Tax-Related Health Provisions

• Title IV: Application and Enforcement of Group Health Plan Requirements

• Title V: Revenue Offsets

This chapter will focus on HIPAA Titles I and II since they have the most significant impact today on health care providers and health insurers. The Health Insurance Portability and Accountability Act (HIPAA) Title I is referred to as Health Insurance Reform since its purpose is to ensure that individuals have access to health insurance coverage. Title I mandates improved access to health care and health coverage, and it imposes new regulations relating to the underwriting process performed by insurance companies to determine whether they will insure an individual. The Health Insurance Portability and Accountability Act (HIPAA) Title II is labeled Preventing Health Care Fraud and Abuse, Administrative Simplification, and Medical Liability Reform. Title II contains regulations aimed at protecting government programs from fraud and abuse. Another objective of HIPAA Title II is to standardize and simplify the processing of health care transactions. Figure 3-1 illustrates the five sections of HIPAA and provisions under HIPAA Title I and Title II.

HIPAA Title I: Health Insurance Reform (Health Care Access, Portability, and Renewability)

The original focus of HIPAA was to ensure portability or continuation of health insurance coverage for workers who lost or changed jobs. Prior to the implementation of HIPAA, insurance companies could deny individuals coverage based on preexisting conditions or health status. Individuals who lost their jobs or changed employment often were unable to obtain health insurance coverage due to preexisting medical conditions. Individuals who presented with a catastrophic illness, such as cancer or HIV infection, could be denied coverage or insurance companies could elect to drop coverage because of the expense of treating such illnesses. HIPAA Title I is designed to reform health insurance to protect health insurance coverage for millions of Americans when they change or lose their jobs. It is designed to guarantee health insurance access, portability, and renewal. Title I of HIPAA includes provisions to achieve three major objectives that relate to portability and continuance of health insurance coverage as outlined below:

• Improve the continuation and portability of insurance coverage by limiting the use of preexisting condition exclusions in health plans.

• Prevent individuals from losing coverage or being denied coverage based on health status by prohibiting insurance companies from discriminating against individuals based on health status.

• Guarantee individuals the ability to renew insurance coverage in multi-employer plans and multiple employer welfare arrangements.

BOX 3-1 CONCEPT REVIEW

HIPAA Title I: Health Insurance Reform

Health Care Access, Portability, and Renewability

• Improve access and continuity of insurance coverage

• Prevent loss of coverage

• Guarantee renewal of health insurance

HIPAA Title II: Preventing Health Care Fraud and Abuse and Administrative Simplification

Efforts to control the rising cost of health care led to the implementation of HIPAA legislation. HIPAA Title II: Prevention of Health Care Fraud and Abuse and Administrative Simplification addresses two areas identified as contributing to the rising cost of health care: fraud and abuse and the cost of administering health insurance. One major objective of HIPAA Title II is to save health care dollars through prevention of health care fraud and abuse. To accomplish this, HIPAA Title II contains provisions to increase prevention and detection of fraud and abuse activities. Another objective is to standardize the health insurance administration process to reduce the cost of processing health care transactions. Health care leaders estimate that administrative costs could be reduced by billions of dollars annually by increasing the use of electronic data interchange (EDI) for health care transactions such as claim submission and payer remittance. CMS defines electronic data interchange (EDI) as the exchange of routine business transactions from one computer to another in a standard format, using standard communications protocols. HIPAA Title II also contains provisions to standardize health care transactions for electronic processing.

Combat Waste, Fraud, and Abuse in Health Care

HIPAA Title II addresses the need to combat waste, fraud, and abuse in health care by increasing funding to support fraud detection activities, increasing civil monetary penalties for fraud and abuse through the creation of several programs: The Health Care Fraud and Abuse Program, The Incentive Program for Fraud and Abuse, and the Medicare Integrity Program.

The Health Care Fraud and Abuse Control Program (HCFAC)

The Health Care Fraud and Abuse Control (HCFAC) Program became effective in 1997. The program was created under HIPAA to identify fraud and abuse in federal programs, such as Medicare and Medicaid, and among private payers. HIPAA legislation established this program and allocated funds from the Medicare Part A Trust Fund to expand fraud and abuse control activities. The program is administered “under the joint direction of the Attorney General and the Department of Health and Human Services (acting through the Office of the Inspector General). The HCFAC program is designed to coordinate federal, state and local law enforcement activities concerning health care fraud and abuse. Monies recovered through fraud investigations must be deposited into the Federal Hospital Insurance Trust Fund, as mandated under HIPAA.”

HIPAA also expanded the definition of fraud to include language indicating that providers can be held liable if they knew or should have known that information on a claim was false. Fraud is defined as an intentional deception or misrepresentation that someone makes, knowing it is false, that could result in an unauthorized payment. The Centers for Medicare and Medicaid Services (CMS) outlines the following as the most common forms of fraud as illustrated in Figure 3-2:

• Billing for services not furnished (phantom billing)

• Misrepresenting the diagnosis to justify payment

• Soliciting, offering, or receiving kickbacks

• Unbundling or “exploding” charges

• Falsifying a certificate of medical necessity, plans of treatment, and medical records to justify payment.

Abuse is defined as actions or practices of health care providers that are inconsistent with accepted sound medical practice, which may result in improper payment. CMS outlines the following as the most common forms of abuse as illustrated in Figure 3-3:

• Claims for services not medically necessary

• Excessive charges for services or supplies

• Improper billing practices, including submission of claims to Medicare instead of third-party payers that are primary insurers

• Unusually large payments in relation to services rendered by lawyers, consultants, agents, and others

• Increasing charges to Medicare beneficiaries but not to other patients.

The Incentive Program for Fraud and Abuse

The Incentive Program for Fraud and Abuse, also created under HIPAA, provides incentives to Medicare beneficiaries and others who report fraud and abuse in the Medicare program. Rewards are paid if the information leads directly to the recovery of Medicare funds.

Medicare Integrity Program (MIP)

Creation of the Medicare Integrity Program (MIP) was authorized under HIPAA legislation. The primary objective of the program is to develop and implement systems to safeguard Medicare payments. One function is to identify and investigate suspicious claims throughout Medicare to ensure that the program does not pay claims other insurers should pay. The MIP also ensures that Medicare pays only for covered services that are reasonable and medically necessary.

HIPAA legislation also granted CMS authority to hire contractors to perform fraud-fighting functions. CMS developed a program called Program Safeguard Contractor (PSC) in 1999 to carry out audits, to identify cases of fraud and abuse, conduct medical reviews, and perform other essential program integrity activities that were previously performed by Medicare contractors who processed claims. The transfer of fraud and abuse work from Medicare contractors to PSC was completed in 2006. The Program Safeguard Contractors were replaced by Zone Program Integrity Contractors (ZPIC) and these contractors are established in seven zones as illustrated in Figure 3-4. A contractor may be responsible for more than one zone. For example, the contractor for Zones 2 and 5 is AdvanceMed. CMS partners with other audit contractors such as Recovery Audit Contractors (RAC) and Medicaid Integrity Contractors (MIC). Recovery Audit Contractors (RAC) are audit contractors hired by CMS to carry out Medicare audits to identify and correct underpayments and overpayments, conduct medical reviews, and perform other essential program integrity activities. Medicaid Integrity Contractors (MIC) are audit contractors hired by CMS to carry out Medicaid audits, conduct medical reviews, and perform other essential Medicaid program integrity activities. Audits performed by these contractors can result in demands for repayment, civil and criminal penalties, and exclusion from government programs.

BOX 3-2 CONCEPT REVIEW

HIPAA TITLE II: Health Care Fraud and Abuse Initiatives

1. Increased funding to detect fraudulent activities

2. Increase civil and monetary penalties for fraud violations

3. Create programs to focus on fraud and abuse activities:

• The Health Care Fraud and Abuse Program (HCFAC)

• The Incentive Program for Fraud and Abuse

• The Medical Integrity Program (MIP)

Simplify the Administration of Health Insurance

The Title II: Administrative Simplification portion of the HIPAA regulations is designed to improve the efficiency and effectiveness of the nation’s health care system by encouraging the widespread use of electronic data interchange (EDI). HIPAA Title II contains provisions that mandate the adoption of national standards for electronic health transactions, including standard transactions and code sets (TCS), and national identifiers for providers, health plans, and employers. The increased use of EDI brought with it concerns regarding the security and privacy of health data.

The implementation dates for HIPAA provisions are determined based on the publication date of the final rule. Before a rule (or law) becomes final, a preliminary draft is published in the Federal Register with a time frame for comments. After the comment period, the preliminary draft is revised to reflect the consensus of all comments received, and the final rule is published. Generally, once the final rule is published there is a 2-year plus 60-day period before the rule becomes effective. All covered entities are required to comply with the HIPAA regulations on the effective date published in the Federal Register. The Federal Register can be accessed at www.gpo.gov/fdsys/. Table 3-1 outlines implementation dates for various HIPAA regulations.

TABLE 3-1

HIPAA Regulations: Implementation Dates

Date	Implementation of HIPAA Regulations
August 21, 1996	HIPAA passed by Congress.
April 14, 2001	Privacy rule final implementation
October 16, 2003	Electronic Health Care Transactions and Code Sets (Medicare will only accept paper claims under limited circumstances)
April 14, 2003–April 20, 2006	Privacy Standards, Employer Identifier Standard, Security Standards (all covered entities and small health plans)
May 23, 2008	National Provider Identifier (all covered entities except small health plans)
January 1, 2012	ASC X12N Version 5010 Standards—replace Version 4010/4010A
January 1, 2013	Effective date for operating rules for eligibility for health plan and health claims status transactions
October 1, 2014	ICD-10-CM and ICD-10-PCS Code Sets for medical diagnosis and inpatient procedures. The original implementation date was October 1, 2013. The DHHS published a final rule that delays the ICD-10 compliance date to October 1, 2014.
December 31, 2013	Certification, Part 1—Health plan must certify data and information systems are in compliance with applicable standards and operating rules for health plan eligibility, health claims status, electronic funds transfer and health care payment and remittance advice.
January 1, 2014	Effective date of operating rules and standards for electronic funds transfers (EFT) and remittance advice
April 1, 2014	Penalties may be assessed against a health plan that has failed to meet the certification and compliance requirements for standards and operating rules.
December 31, 2015	Certification, Part 2—Health plan must certify that its data and information systems are in compliance with applicable standards and operating rules for: health claims or equivalent encounter information; enrollment and disenrollment in a health plan; health plan premium payments; referral certification and authorization and health claims attachments
January 1, 2016	Effective date of operating rules for health claims or equivalent encounter information, enrollment and disenrollment in a health plan, health plan premium payments, referral certification and authorization, health care claims attachments Effective date of standard for health care claims attachments

(Revised data from Centers for Medicare and Medicaid Services, www.cms.gov/HIPAAGenInfo/.)

BOX 3-3 CONCEPT REVIEW

HIPAA Title II: Fraud Prevention and Administrative Simplification

Combat Waste, Fraud, and Abuse in Health Care

• Increase funding to combat waste, fraud, and abuse

• Amend penalties for fraudulent activities

Simplify the Administration of Health Insurance

• Electronic transaction and code sets standards

• Privacy requirements

• Security requirements

BOX 3-1 Test Your Knowledge

HIPAA OVERVIEW; HIPAA LEGISLATION

1. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was developed and implemented to improve access to health care insurance and portability of health insurance coverage; to combat waste, fraud, and abuse; and to simplify the administration of health insurance.	T	F
2. HIPAA is broken down into two sections, referred to as titles.	T	F
3. HIPAA legislation is outlined under Public Law 104-191. HIPAA was passed by Congress in 1996 and was completely implemented in 1997.	T	F
4. The original focus of HIPAA legislation was to ensure the portability or continuation of health insurance coverage for workers who lost or changed jobs.	T	F
5. The process followed for a rule to become final begins with publication of a preliminary draft in the Federal Register, after a comment period the draft is revised to reflect comments received, and the final rule is published and the rule becomes effective within 60 days.	T	F

6. The original focus of this section under HIPAA was to ensure portability or continuation of health insurance coverage for workers who lost or changed jobs.

7. In the 1990s health care leaders were called on to identify other issues that contributed to the rising cost of health care. Contributing factors identified included limited access and portability of health insurance coverage, as well as fraud and abuse. List one other contributing factor.

8. List another name used when referring to the Health Insurance Portability and Accountability Act (HIPAA).

9. This section of HIPAA is designed to combat fraud and abuse in health care by increasing funding to support fraud detection activities, by increasing civil monetary penalties for fraud and abuse, and through the creation of several programs.

10. HIPAA legislation was passed by Congress in 1996 under what section of the law?

Indicate whether the following statements are fraud or abuse

11. Soliciting, offering, or receiving kickbacks

12. Improper billing practices, including submission of claims to Medicare instead of third-party payers that are primary insurers for Medicare beneficiaries

13. Increasing charges to Medicare beneficiaries but not to other patients.

14. Unbundling or “exploding” charges

15. Billing for services not furnished (phantom billing)

Match the following descriptions with the appropriate program name.

A Program Safeguard Contractors (PSC)

B Health Care Fraud and Abuse Control (HCFAC)

C Incentive Program for Fraud and Abuse

D Medicare Integrity Program (MIP)

E Zone Program Integrity Contractors (ZPIC)

16. ____ This program was created under HIPAA in 1997 to identify fraud and abuse in federal programs, such as Medicare and Medicaid, and among private payers.

17. ____ Creation of this program was authorized under HIPAA legislation and the primary objective of the program is to develop and implement systems to safeguard Medicare payments.

18. ____ This program was developed by CMS in 1999 to carry out audits, conduct medical reviews, and perform other essential program integrity activities that were previously performed by Medicare contractors who processed claims.

19. ____ Special fraud-fighting contractors that replaced Program Safeguard Contractors (PSC).

20. ____ A program created under HIPAA that provides incentives to Medicare beneficiaries and others who report fraud and abuse in the Medicare program.

HIPAA Regulations

The health care industry is governed and regulated in accordance with many state and federal regulations. Health care providers must implement systems to ensure compliance with all state and federal regulations. Compliance is the term used to describe the act of following standards in accordance with state and federal regulations. A number of federal laws mandate compliance and have provisions for sanctions against individuals or organizations that do not comply, particularly in the areas of privacy and security of patient information, billing, and coding guidelines and claim submission requirements. For example, the Civil Monetary Penalties Law (CMPL) of 1983 was passed for the purpose of prosecuting cases of Medicare and Medicaid fraud. This law contains provisions regarding sanctions that can be imposed on individuals or organizations convicted of fraudulent activities as defined in the Federal False Claims Act. The sanctions imposed under the CMPL are outlined below; however, it is important to note that they are periodically updated.

• A penalty of up to $10,000 for each item or service wrongfully listed on a claim submitted to Medicare or Medicaid.

• An assessment of up to triple the total amount improperly claimed.

• Suspension from government programs for a period defined by the Department of Health and Human Services (DHHS).

BOX 3-4 CONCEPT REVIEW

Compliance

The Act of Following Standards in Accordance With State and Federal Regulations

• Health Insurance Portability and Accountability Act (HIPAA) regulations

• State and Federal Laws

The Federal False Claims Act

Civil Monetary Penalties Law (CMPL)

Enforcement and Penalties

HIPAA legislation mandates compliance with the standards and provisions involving administrative simplification, privacy, and security. Civil and/or criminal penalties may be imposed for non-compliance of HIPAA standards. A three-tier civil penalty structure for HIPAA violations was established under the American Recovery and Reinvestment Act (ARRA) of 2009 that was signed into law on February 17, 2009. The Secretary of the DHHS is still prohibited from imposing civil penalties (except in cases of willful neglect) if the violation is corrected within 30 days (this time period may be extended). Criminal penalties can be imposed for the following violations:

• Knowingly obtaining or disclosing individually identifiable health information (IIHI): $50,000 and imprisonment for up to 1 year.

• Offenses committed under false pretenses: $100,000 and up to 5 years in prison.

• Offenses committed with the intent to sell, transfer, or use IIHI for commercial advantage, personal gain, or malicious harm: $250,000 and imprisonment for up to 10 years.

Compliance requirements including the date of compliance, are published in the Federal Register. Figure 3-5 illustrates HIPAA objectives and enforcement agencies that can impose penalties for non-compliance. Three agencies responsible for enforcing standards and provisions are the Office of the Inspector General (OIG), the Centers for Medicare and Medicaid Services (CMS), and the Office of Civil Rights (OCR).

Office of the Inspector General (OIG)

The Office of the Inspector General (OIG) is an agency under the Department of Health and Human Services (DHHS) that is responsible for the detection and prevention of fraud and abuse. The OIG monitors compliance and enforces laws related to fraud and abuse (Figure 3-6). When a Medicare provider allegedly commits fraud, an investigation is conducted by the OIG. If evidence of fraud or abuse is found by the OIG, the case is referred to the Department of Justice (DOJ) for prosecution. Criminal, civil, and/or administrative sanctions for fraud convictions may include:

• Civil penalties of up to $10,000 for each service or item falsely reported on the claim plus triple damages under the Federal False Claims Act.

• Criminal fines and/or imprisonment of up to 10 years if there is a conviction of the crime of health care fraud as outlined under HIPAA, or for violations of federal antikickback statutes, imprisonment of up to 5 years and/or criminal fines of up to $50,000.

• Administrative sanctions such as exclusion from participation in Medicare and state programs may be imposed in addition to civil monetary penalties.

Centers for Medicare and Medicaid Services (CMS)

The Centers for Medicare and Medicaid Services (CMS) is an agency under the DHHS that oversees the Medicare and Medicaid programs. CMS enforces many laws related to the Medicare and Medicaid programs including the HIPAA standard transaction and code set provisions. Non-compliance with HIPAA standard transaction and code set provisions may result in monetary penalties. Monetary penalties that may be imposed for failing to comply include:

• $100 per violation

• $25,000 annual cap for a single standard

• Exclusion from the program

Office of Civil Rights (OCR)

The Office of Civil Rights (OCR) is an agency under the DHHS that is responsible for monitoring compliance and enforcement of HIPAA privacy and security standards. Complaints regarding privacy issues are submitted by individuals or other entities to the OCR in writing. The OCR conducts an investigation and determines required action. There are civil and criminal penalties for violating HIPAA privacy and security provisions. Penalties for violations can be imposed only on covered entities and business associates. Civil and criminal penalties are as follows:

• Civil penalties for HIPAA privacy violations can be up to $100 for each offense, with an annual cap of $25,000 for repeated violations of the same provision.

• Criminal penalties based on the type of violation:

For covered entities who knowingly obtain or disclose individually identifiable health information (IIHI): up to $50,000 and 1 year in prison

For misuse under false pretenses: up to $100,000 and 5 years in prison

For offenses committed with the intent to sell, transfer, or use individually identifiable health information (IIHI) for commercial advantage, personal gain, or malicious harm: up to $250,000 and 10 years in prison

BOX 3-5 CONCEPT REVIEW

HIPAA Enforcement Agencies

Agencies responsible for enforcing HIPAA standards and provisions include

• Office of the Inspector General (OIG)

• Centers for Medicare and Medicaid Services (CMS)

• Office of Civil Rights (OCR)

State Laws and HIPAA

State laws may contain more stringent privacy protections that apply over and above the federal privacy standards. For example, states may have special privacy requirements for patients tested, diagnosed, or treated for alcohol and drug abuse, sexually transmitted diseases, or mental health disorders.

HIPAA regulations specify the organizations that are required to comply with all provisions; they are referred to as covered entities.

Covered Entities

A covered entity is an organization involved with health care delivery that provides health care services, submits claims for services, or provides health care coverage. HIPAA identifies three types of covered entities that must follow the regulations as illustrated in Figure 3-7:

• Health care providers

• Health plans

• Health care clearinghouses

Health Care Providers

Health care providers are people or organizations that render health care services, bill for services rendered, and are paid for those services in the normal course of business. Examples of health care providers include hospitals, physicians, ambulatory surgery centers and other facilities, home health agencies, and ambulance services. In accordance with HIPAA regulations, CMS requires that Medicare claims be sent electronically from all providers with the exception of small practices that have less than 10 employees.

Health Plans

Health plans that provide medical care or pay for care rendered by other providers are considered covered entities. Health plans outlined under HIPAA include group health plans, health insurance carriers, health maintenance organizations, and most federal health care agencies.

Health Care Clearinghouse

A clearinghouse is an organization that receives claim information from hospitals and other providers in various formats for conversion to a required format for submission to various payers. Health care clearinghouses as defined under HIPAA include billing service companies, repricing companies, and value-added networks that process nonstandard data elements into standard data elements for the purpose of transmission of claims between health care providers and health plans.

Only gold members can continue reading. Log In or Register to continue

You may also need

Related

Tags: Understanding Hospital Billing and Coding

Mar 24, 2017 | Posted by admin in NURSING | Comments Off

Premium Wordpress Themes by UFO Themes

WordPress theme by UFO themes