HIPAA Questions
Do
you need a HIPAA Business Associate Agreement with Medical
Software Tools?
 Rarely would Medical Software
Tools personnel need to
access any of your patient records. Therefore, there
may be no need for a HIPAA Business Associate Agreement
with Medical Software Tools. In the event that
you encountered a technical problem (e.g. corrupted
database), requiring you to send any patient information
to us, we would agree to a Business Associate Agreement
and enforce a Chain of Trust to protect any information
sent to us.
Click
on the link below to generate a Business Associate Agreement.
You can then have an authorized person sign it and fax
it to us. We can then approve the form and fax it back
to you.
Business
Associate Agreement (.pdf)
Health
Insurance Portability and Accountability Act of 1996-
Summary of Administrative Simplification Provisions
Standards
for electronic health information transactions.
Within 18 months of enactment, the Secretary of HHS
is required to adopt standards from among those already
approved by private standards developing organizations
for certain electronic health transactions, including
claims, enrollment, eligibility, payment, and coordination
of benefits. These standards also must address the security
of electronic health information systems.
Mandate
on providers and health plans, and timetable.
Providers and health plans are required to use the standards
for the specified electronic transactions 24 months
after they are adopted. Plans and providers may comply
directly, or may use a health care clearinghouse. Certain
health plans, in particular workers compensation, are
not covered.
Privacy.
The Secretary is required to recommend privacy standards
for health information to Congress 12 months after enactment.
If Congress does not enact privacy legislation within
3 years of enactment, the Secretary shall promulgate
privacy regulations for individually identifiable electronic
health information.
Pre-emption
of State Law. The bill supersedes state laws,
except where the Secretary determines that the State
law is necessary to prevent fraud and abuse, to ensure
appropriate state regulation of insurance or health
plans, addresses controlled substances, or for other
purposes. If the Secretary promulgates privacy regulations,
those regulations do not pre-empt state laws that impose
more stringent requirements. These provisions do not
limit a State's ability to require health plan reporting
or audits.
Penalties.
The bill imposes civil money penalties and prison for
certain violations.
HIPAA
Administrative Simplification Compliance Deadlines
|
Date |
Deadline |
|
October
15, 2002 |
Deadline
to submit a compliance extension form for Electronic Health Care Transactions
and Code Sets. |
|
October
16, 2002 |
Electronic
Health Care Transactions and Code Sets - all covered entities except those
who filed for an extension and are not a small health plan. |
|
April 14,
2003 |
Privacy -
all covered entities except small health plans. |
|
April 16,
2003 |
Electronic
Health Care Transactions and Code Sets - all covered entities must have
started software and systems testing. |
|
October
16, 2003 |
Electronic
Health Care Transactions and Code Sets - all covered entities who filed for
an extension and small health plans. |
|
October
16, 2003 |
Medicare
will only accept paper claims under limited circumstances. |
|
April 14,
2004 |
Privacy -
small health plans. |
|
July 30,
2004 |
Employer
Identifier Standard - all covered entities except small health plans. |
|
April 20,
2005 |
Security
Standards - all covered entities except small health plans. |
|
August 1,
2005 |
Employer
Identifier Standard - small health plans. |
|
April 20,
2006 |
Security
Standards – small health plans. |
|
May 23,
2007 |
National
Provider Identifier - all covered entities except small health plans |
|
May 23,
2008 |
National
Provider Identifier - small health plans |
As published by CMS at: http://www.cms.hhs.gov/hipaa/hipaa2/general/background/
Last Modified on Friday, September 17,
2004
|
