HIPAA (Health Insurance Portability & Accountability Act) Patient Confidentiality Protecting the patients’ privacy is an essential part of the physician/patient relationship. The most important issues that a physician needs to be aware of in doing business with Valley health Plan (VHP) are the following key points:
SECTION 14: HIPAA (HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT)
1. are responsible for all of the Protected Health Information (PHI) created as the result of Section Providers 14: keeping records and billing for services. Any requests made to VHP by a patient to restrict or alter medical record information will be referred back to the provider’s office. 2. Providers must use the appropriate codes for services and ensure that the treating provider is identified. Providers must ensure that that all electronic or paper claims transmissions are secure and in the correct format. 3. Providers must give all of your patients the HIPAA privacy rules and their rights to requesting alterations or restrictions of their medical records 4. Providers must maintain a secure environment that protects PHI from an unauthorized person. 5. Provider’s staff Members may only use only the PHI that is necessary to perform their job responsibilities. 6. Providers may transmit PHI to other parties without patient consent only for the purposes of treatment, payment, or operations (including regulatory reporting and compliance). 7. Providers may not release PHI to another party without the patient’s authorization for purposes other than Treatment, Payment or Operations. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 addresses the efficiency and effectiveness of data exchange for administrative and financial transactions and the security and privacy of healthcare information. Among the key components of the regulations are: 1) Standards for Privacy of Individually Identifiable Health Information; 2) Transaction Codes and Identifiers; and 3) Security and Electronic Signature Standards. HIPAA regulations require health plans, providers and healthcare clearinghouses to protect the privacy of patient information. To monitor compliance, VHP will review procedures and practices for confidentiality and medical record documentation as part of the site audits and Medical Records Review. The Department of Health and Human Services is required to adopt “national uniform standards” for the following areas: a) Financial Transactions: includes claims and encounters, enrollment, claim status, insurance eligibility, referrals, and claim payment and remittance b) Code Sets: includes Diagnosis and Procedure coding (ICD9, CPT4, NDC, and HCPCS), involving disease, injuries, impairments, drugs, procedures, and billing c) Unique Identifiers: includes Individuals, Providers, Employers, and Health Plans d) Security: includes administrative security management procedures, physical access safeguards, technical security services and mechanisms, and electronic signature requirements e) Privacy and Health Information Disclosure: includes privacy protection practices and procedures to monitor release of information Financial Transactions Providers are not required to submit claims electronically, but they are required to use the standard format for all claims submitted electronically. Payers, on the other hand, must have the capability to send and receive electronic transactions using the designated standards.
www.valleyhealthplan.org rev.2020
Section 14
Page 54 of 68
