About HIPAA Regulations

MDM is proud to be HIPAA compliant in policies, practices, and technology.

"HIPAA" stands for The Health Insurance Portability and Accountability Act of 1996. The law consists of several parts, including a section that addresses portability of insurance coverage, which is designed to help protect health insurance coverage for workers and their families when they change or lose their jobs. That part of HIPAA was effective in 1996, and MDM implemented it at their founding.

The more recent regulations pertain to another part of the law, known as "Administrative Simplification." The Administrative Simplification provisions are designed to reduce the administrative costs of providing and paying for health care by standardizing electronic transactions and code sets. Administrative Simplification also contains requirements to protect the privacy and security of Protected Health Information (PHI) and will provide for national identifiers for providers, employers and health plans in the future.

Health plans (including insurers and self-funded group health plans), health care clearinghouses and health care providers who engage in electronic transactions are covered by the Administrative Simplification requirements of HIPAA. These are known as "covered entities." To a lesser degree, employers and business associates of covered entities are also affected.

The regulations for employer identifiers have recently been published, and we expect to implement them by the required date in 2004.

MDM supports the right to privacy of our clients and their patients, as well as the administrative efficiencies that can result from the implementation of standard data formats.

Privacy-Implemented April 14, 2003

The Privacy Rule, which took effect April 14, 2003, requires that covered entities establish policies and procedures to protect certain individually identifiable health information referred to as Protected Health Information (PHI), that is stored or transmitted in any form or medium: electronic, paper or oral. The regulations allow the use and disclosure of PHI without authorization for the purposes of treatment, payment or administration of the health-benefits plan. However, most other uses or disclosures, such as marketing a product or service, require written authorization from each individual involved. The Privacy regulations also extend certain rights to individuals, such as the right to access and request amendments to their PHI and to receive notices describing how their PHI is used and disclosed.

Electronic Transactions and Code Set Standards-Implemented October 16, 2003

This regulation requires that providers, group health plans, and health care clearinghouses use industry-wide standard formats and coding for common electronic interfaces and transactions. Employers may choose to adopt federal standards for transmitting data for premium and eligibility transactions.

This regulation was originally scheduled to go into effect in October 2002. However, through the enactment of the Administrative Simplification Compliance Act, President Bush granted an extension to October 2003 for covered entities that file for it.

The official HIPAA government website is: http://www.hhs.gov/ocr/hipaa

Please contact us for additional information on our compliant technology and processes.



Call 508.628.4541  © 2002-2004 Medical Data Management, a Data Distributors Company
Home About Medical Data Management Learn more about MDM's services Read our Guarantee Get more information about MDM's services Contact us with your questions, inquiries, RFPs, etc. Medical Data Management Medical Data Management