HIPAA
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) require the Department of Health and Human Services to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. They also address the security and privacy of health data. Adopting these standards will improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in health care.
The compliance date for the privacy standards is April 14, 2003 or, for small health plans, April 14, 2004. A provider must be compliant with electronic data exchange by October 16, 2003. If a provider transmits any of the designated transactions electronically, it is subject to the HIPAA Administrative Simplification requirements regardless of size. Small providers are exempt from the ASCA provision that excludes paper claims from Medicare coverage effective October 16, 2003. Small providers will be able to continue to submit paper claims. ASCA defines a small provider or supplier as:
- A provider of services with fewer than 25 full-time equivalent employees or
- A physician, practitioner, facility or supplier (other than provider of services) with fewer than 10 full-time equivalent employees.
CAOS was designed to aid the provider to meet certain HIPAA requirements:
- CAOS will track Notice of Privacy Practices per patient. As of April 14, 2003 all providers must distribute to all existing patients and new patients a notice of privacy practice.
- CAOS will sign a business associate agreement with each provider to adhere to HIPAA compliancy.
- A big part of the security portion of HIPAA will require each provider to maintain a disaster recovery plan. All provider records administered by CAOS are delivered over multiple-redundant servers that each support multiple-redundant power supplies. Our provider files are backed up each day. The back-up tapes are then stored in a fireproof safe (protection for one full hour in fires up to 1700 degrees F.) for additional protection.
- CAOS provides a firewall and audit trails.
- HIPAA requires the removal of 18 elements from a patient's chart in order to submit patient information for research, marketing or fundraising. CAOS easily aids in removal of this requested information.
- Wireless technology and palm pilots all fall under HIPAA regulations. Our technical staff will help your practice meet compliancy for this technology by helping to set up passwords and ensuring the PHI does not become available while using wireless technology.
- All faxing of PHI will need to meet certain standards to fall within the HIPAA guidelines. CAOS helps meet compliancy via fax cover sheets and audit trails.
- All providers are required to provide HIPAA education and training by January to April 2003. This education must be documented. CAOS will track HIPAA education and training per employee.
- CAOS utilizes electronic signatures as required under the HIPAA guidelines.
- All PHI (Protected Health Information) traveling via the internet to the CAOS office and back to the provider is 128 bit encrypted.
- HIPAA requires minimum necessary access. This means that each employee should only be allowed to view the minimum information needed to perform their jobs. The CAOS administrator can easily assign certain access codes to employees to restrict their viewing of PHI.
- The CAOS administrator can also set the time outs on the screen to deter the viewing of PHI by unauthorized individuals when a computer is not being used.
Additional information regarding HIPAA and the new compliancy guidelines can be found on the Internet at hss.gov or nchica.org, or feel free to contact the CAOS, Inc. home office for additional information and guidelines.