HIPAAnotes Volume One, Numbers 18-20
No. 18 (3/7/01):
HIPAAterm: Privacy/Security Officer: One and the Same?
HIPAA requires covered entities to have a central point of control
for security issues, as well as a designated Privacy Official. Many
organizations have assumed that the same person will fill these
two roles.
A small covered entity, such as a physician’s office, will most
likely combine these two roles. However, many argue that a large
entity should have two different positions.
The American Health Information Management Association (AHIMA)
strongly suggests that the Privacy Official be a HIM professional,
since the development and implementation of organizational privacy
policies and procedures has traditionally been an HIM role.
Obviously, a Security Officer should have information security
training, the most recognized credential being the Certified Information
Systems Security Professional (CISSP).
HIPAA doesn't offer any guidance on this issue. It neither requires
nor prohibits “dual-hatting” someone. Once again, HIPAA's orientation
is flexibility and scalability, not prescriptive limits.
For more information, go to: http://www.hipaadvisory.com/action/privacy/
No. 19 (3/14/00)
HIPAAreg: Transaction Standards: Friend, NOT Foe
Has your organization started working on implementing the HIPAA
Transaction Reg yet? Did you know that this standard is where most
healthcare entities can save significant dollars?
About 400 different formats are currently used nationwide to process
electronic health care claims. This lack of standardization has
made it difficult and expensive to develop and maintain software.
The resulting complexity has also created a widely criticized system
that is expensive and inefficient for the providers and payers who
must use it each day.
The HIPAA Transaction Reg streamlines transactions through standardization.
The national standards enable providers to submit any transaction
in the SAME format and coding to any payer in the country. Similarly,
payer-initiated transactions with providers, such as remittance
advices and referral authorizations, must share standard formats,
under the new regulation.
Payers and providers will be able to substantially reduce administrative
costs and processing delays created by redundancy, errors and the
overall complexity and slowness of our current healthcare transactions
environment. Virtually every healthcare organization will realize
cost savings mounting into the thousands -- as well as other benefits
-- every month following implementation.
For more information on the Transactions Reg, go to: http://www.hipaadvisory.com/action/tcs/
No. 20 (3/20/01)
HIPAAreg: Transactions: Not Just for Vendors
Many providers are ignoring the transaction reg, assuming that
their clearinghouse or software vendor will take care of this one.
However, the reg requires certain data to be maintained and transmitted.
For most providers, about 50% of the required data for the Institutional
837 Claim format is not currently collected or maintained electronically.
And that's just one of the required transactions.
Here are a few of the required data elements you may not currently
have in electronic form:
- Pregnancy Indicator - May be in your clinical systems but not
in your billing module.
- Provider Taxonomy Code - A new classification system that will
be required for all practitioner information included in the claim.
It is used to codify provider type and provider area of specialization
for all medical related providers.
- Related Causes Code - Required when the claim is accident related,
employment related, due to abuse, etc.
- Country Codes - Required whenever an address is outside the
U.S. If your institution is a referral center for other countries,
you will need to report this code. Also, with more Americans traveling
overseas, this code's use may increase (e.g., to report the site
of an accident).
For more information, go to:
http://www.hipaadvisory.com/action/tcs/
No. 21 (3/28/01)
TechTerm:
Firewalls - Further into the Ring of Fire
In one of our first HIPAAnotes, we defined "firewall."
To briefly summarize, a firewall filters everything coming into
your network and leaving your network. By doing this, it can protect
your network.
A firewall can also provide an important logging and auditing
function. The system can provide summaries of what kind of traffic
is going through the firewalls and what/how many attempts have been
made to break into your network.
As mentioned in our first firewall note, though, firewalls implement
policy. First, you need to decide what type of access policy is
appropriate for your organization. Then, choose the firewall solution
that best suits your risk tolerance.
For more information on firewalls and other technology, go to:
http://www.hipaadvisory.com/tech/