What Is HIPAA and How Does It Impact the Practice of I-O
Practitioners vying for successful careers in the health and human services fields have to acclimatize to the ever- changing demands of managed care systems and federal regulations. The invariability of industrial change requires practitioners to be cognizant of not only the clinical needs, but also the legal needs of their clients. When facing the constraints of operating in myriad settings regulated partially or in totality by Managed Care Organizations (MCOs), it is understandable why practitioners should make concerted efforts to remain abreast of changes. “The mental health system was one of many affected by the belief that government was an inefficient producer, and that private organizations, operating under market conditions, were better suited to deliver quality services at low prices” (Donohue & Frank, 2000). Cost containment, efficiency and efficacy, legality, and ethics are commonplace facets practitioners are encouraged to be mindful of in the managed care arena.
Changes such as those made in the way health care information is handled on a daily basis, is the tenet of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). “In conjunction with HIPAA's new standards for the transmission of health information, the Department of Health and Human Services (HHS), anticipating concerns about the privacy of electronic communication, developed a separate privacy rule related to patient records” (American Psychological Association Practice Organization, n.d.). Privacy according to HIPAA refers to the application of effective policies and procedures and business service agreements to control the access and use of patient information. To initiate precursory and maintenance measures, practitioners should make continued strides to remain apprised of developments and changes in the transaction, privacy, and security Privacy Rules of the HIPAA law. “ Defining standards and transaction sets for transmitting or handling electronic claims, remittance, and eligibility information and standards for assuring and protecting the privacy or security of patient- identifiable information” (VantageMed, 2003) becomes the practitioner's duty (Centers for Medicare and Medicaid Services, 2004).
A multitude of procedures are followed preceding and concomitant with the implementation of HIPAA compliance guidelines. The scope of HIPAA is vast with paperwork and administrative simplification as the goal of the multifaceted law as consequences are applicable to all professionals in the healthcare industry. HIPAA requires psychologists to change some of the ways they conduct business and handle privacy issues. “HIPAA called for the creation of national standards and requirements for the electronic transmission of health information and forms” (American Psychological Association Practice Organization, n.d.).
The privacy Rule will require psychologists to provide information to patients about their privacy rights and explain how that information can be used; adopt clear privacy procedures for their practices; train employees so that they can understand the privacy procedures; designate someone to be responsible for seeing that privacy procedures are adopted and followed. If you are a solo practitioner, you could be that person; (and) secure patient records (American Psychological Association Practice Organization, n.d.).
HIPAA covers “standard formatting of electronic transactions for certain financial and administrative purposes, such as health care claims or inquiries about plan eligibility or coverage” (VantageMed, 2003). Security encompasses documented administrative procedures to guard data integrity, confidentiality, and availability. Physical safeguards for protecting data, and technical security processes and mechanisms to restrict data access and guard data transmitted over networks to reduce the likelihood of interception comprise the proposed security rule (American Psychological Association Practice Organization, n.d.). Noting the ubiquitous and elaborate components of HIPAA, it is resolute for practitioners to adhere to HIPAA and managed care demands as the consequences can disturb the practice of psychology.
According to the American Psychological Association (n.d.), the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was sponsored by senators Nancy Kassebaum and Ted Kennedy and signed into law August 1996. HIPAA stemmed from the health-care reform of the Clinton administration. Congress voiced concerns regarding electronic formatting of all information exchanged between providers and payers. Title I of the HIPAA Health Insurance Reform Centers for Medicare and Medicaid Services (2004) protects health insurance coverage for workers and their families when they change or lose their jobs
. HIPAA was a imed at allowing the portability of health insurance by preventing insurers from imposing requirements about pre- existing conditions moving from one employer to another. In December 28, 2000 after Congress failed to enact the comprehensive health information privacy legislation required by HIPAA, the Secretary of Health and Human Services (HHS) created a Final Privacy Rule. April 14, 2003 was the compliance deadline (American Psychological Association Practice Organization, n.d.).
The four general categories of covered entities are health plans, clearinghouses, certain healthcare providers, and “w ith the passage of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (the “Act”), signed into law on December 8, 2003, a fourth category of HIPAA covered entity was created - namely, Prescription Drug Card Sponsors” (Fox, 2004 & United States Department of Health and Human Services, 2003 ). Specifically, the Act provides that the operations of an endorsed program are covered functions and a prescription drug card sponsor is a covered entity for purposes of applying the Administrative Simplification Requirements of HIPAA and all regulatory provisions disseminated under HIPAA. This requirement creates the fourth general category of HIPAA covered entity, i.e., Prescription Drug Card Sponsors. CMS clarified that functions of Sponsors outside the scope of the Program would not be HIPAA covered functions. However, if those other activities would make a Sponsor a health plan, clearinghouse or covered healthcare provider, then the Sponsor may otherwise be a HIPAA covered entity and subject to the HIPAA standards and requirements (Fox, 2004).
