In 1996, in an effort to protect patients, the United States Congress enacted the Health Insurance Portability and Accountability Act, otherwise known as HIPAA.
The passage of HIPAA added an “Administrative Simplification” (AS) to a portion of the Social Security Act. With the AS, Title II established a set of regulations and guidelines for the electronic transmission of healthcare data, and set up guidelines for the code sets used in medical billing and coding.
In addition to establishing the above regulations and rules, Title II also outlines a number of offenses related to healthcare and prescribes civil and criminal punishments for these fraudulent offenses.
Title II establishes the mandatory use of National Provider Identifier (NPI) numbers. You should remember NPIs from our discussion on creating medical claims. These NPIs are ten characters long, may be alphanumeric, and are never re-used (except in very particular situations). Like ICD or CPT codes, NPIs provide an efficient universal shorthand for identifying a crucial part of the healthcare process.
We've actually already learned about many of these code regulations: HIPAA formalized the use of ICD codes, CPT codes, and HCPCS codes for use in creating claims. The goal of the AS was to establish a regular, uniform method of communication for any party involved in healthcare, such as insurance payers, providers, clearinghouses, and government agencies. All bodies covered by HIPAA (and this includes most providers and payers, including Medicare and Medicaid) must adhere to these standards of transactions.
In keeping with the HIPAA requirements described above, including the Privacy Rule, we at NAHL have undertaken various steps and designed our processes to ensure we are fully compliant and trained.
Our entire network is very secure. All clients’ office records are temporarily stored behind a secure firewall before deletion and all electronic claims are securely encrypted for transmission.
Your privacy and security are given the highest priority at NAHL. Our company makes sure that all changes and updates to HIPAA are properly and correctly communicated among the team to ensure the highest standards of security and confidentiality.
Each member enters into a confidentiality agreement, the terms of which state that they agree not to use, publish or disclose, or permit others to use, any confidential information they may come into contact with.
Violation of this agreement warrants termination and legal action.
Access cards and biometric access screening control entry of employees into the facility.
Access to critical areas such as the server room is restricted and only authorized personnel have entry rights to these sensitive areas.
Full Internet/Email access is provided only to authorized personnel. Access to computer systems is restricted by logins and passwords, which are unique for every employee.
Mainly for security and as a consequence, a ‘Go-Green’ initiative as well. Connections to the clients’ servers are through secure site-to-site VPN tunnels with 128-bit encryption.
A dedicated Compliance Officer ensures that compliance management processes are updated regularly and stringently adhered to.