HIPAA, or the Health Insurance Portability and Accountability Act, was put into effect in 1996. It is part of the Social Security Act. The primary reason for HIPAA’s creation was to adjust the flow of healthcare information, establish the procedure for maintenance of personally identifiable information that healthcare and healthcare insurance industries must secure, and give attention to the limitations on the coverage of healthcare insurance.
The privacy regulations require healthcare organizations and providers and their business associates to create and follow procedures to ensure the security and confidentiality of all forms of protected health information (PHI) when it is received, transferred, shared, or handled. HIPAA also requires that only the minimum PHI needed to conduct business be used.
Meaning of HIPAA
The Health Insurance Portability and Accountability Act, commonly known as HIPAA, has a significant impact on the healthcare industry in the United States. HIPAA has five titles that cover the portability of the health insurance of workers, and the electronic transmission of specific administrative data of patients, among others.
For the business associates of healthcare organizations and providers, what concerns them the most is the Administrative Simplification Act, or HIPAA’s Title II. To alleviate the public’s fear about data security, the government established the security and privacy rules to reinforce the transaction rules.
Implications of HIPAA on hospitals and physicians
Hospitals and physicians reviewed their operational processes to respond to the HIPAA requirements. They looked at how they store medical records, provide access to these records and databases, and their disclosure method regarding protected health information.
They revised their authorizations for releasing information. They created new documents to inform patients regarding the use of their PHI. Due to office automation of a practice or hospital, they needed to evaluate their infrastructure for network and data security, including electronic data transfer, code sets, billing applications, and compliance of third-party providers they outsource to. Under HIPAA, healthcare organizations and facilities cannot subcontract legal obligations.
Although healthcare organizations, healthcare providers, health plans, and patients expressed fear and confusion in the initial stage of HIPAA implementation, they soon realized that it gave them benefits. Advantages include a reduction in paperwork, standardization of data, particularly in coordinating insurance benefits and payments, easier reporting and filing of requirements, and maintaining the confidentiality and security of patients’ personal health information.
The four main objectives of HIPAA
HIPAA incorporates other legislative acts, such as the Health Information Technology for Economic and Clinical Health (HITECH) Act, Employee Retirement Income Security Act, and the Public Health Service Act.
It was introduced in 1996 for the following objectives:
- Insurance portability, meaning the insurance coverage of American workers and their families can be transferred and continued even if the workers lose or change their jobs.
- Reduce healthcare abuse and fraud.
- Provide industry-wide standards for healthcare information on various processes, especially electronic billing.
- Confidential handling and protection of patients’ protected health information.
HIPAA introduced various standards to boost the efficiency of the healthcare industry. It required healthcare organizations to comply with the rules for paperwork reduction. The use of code sets and patient identifiers helped in the efficient transfer of healthcare data for electronic healthcare transactions.
The code sets allow all related services to use the same codes, format, and language for time and cost savings.
For standard transactions, here are the code sets:
- For ancillary services procedures: Healthcare Common Procedure Coding Systems (HCPCS)
- For physician procedures: Current Procedural Terminology (CPT-4)
- For dental terminology: Code on Dental Procedures and Nomenclature (CDT)
- For hospital in-patient procedures: ICD-9-CM (diagnosis) and ICD-9-PCS (updated to ICD-10-CM and ICD-10-PCS 2003)
- For drug codes: National Drug Codes (NDC)
The code sets replace the long-form names of medical procedures and drugs. For example, when a patient is diagnosed with pneumonia, unspecified organism, the patient’s record will show the 2020 ICD-10-CM code J18.9. Among the latest additions are the new codes for COVID-19: U07.1 COVID-19, virus identified, and U07.2 COVID-19, virus not identified.
The label of the medicine you buy includes letters and numbers, such as NDC followed by four or five digits, including zeros, which indicate the name of the manufacturer, then four numbers for the product code, and two numbers for the package code. For example, for a bottle of 100 capsules of Prozac 20mg made by Dista Products, the code is NDC-0077-3105-02.
Requirements for HIPAA compliance
A business associate of a HIPAA covered entity should be HIPAA compliant. The term “business associate” refers to a company or organization that provides related services. A translation company that offers medical translation, medical interpreting, or medical transcription services is a business associate of a HIPAA covered entity.
One of HIPAA’s main objectives is to protect patients’ privacy and to ensure that all identifiable information is secured. HIPAA presents restrictions on the allowable uses and disclosure of patient PHI and makes sure that business associates maintain the security of electronic health data and control access to protected health information.
Protected health information includes the following:
- Patients’ names and addresses, including their zip codes
- Important dates such as birth, death, admission, and discharge
- Contact information (phone, fax, email)
- Social security number
- Medical record numbers
- Account numbers
- Health plan beneficiary numbers
- Certificate/License numbers
- Device identifiers and serial numbers
- URLs, IP addresses
- Vehicle identifiers and serial numbers, as well as license plates
- Full-face photographs
- Biometric identifiers, including voice and fingerprints
- Any other unique identifying characteristic, code or number
A translation company should require its medical translators, interpreters, and transcriptionists to undergo HIPAA training to receive certification. Moreover, the company should have the following security safeguards in place to ensure the confidentiality and security of PHI:
- Administrative safeguards such as security management processes, security training and awareness, information access management, business associate contract, and contingency plan evaluation.
- Physical safeguards, such as media and device control, workstation security, workstation use, and facility access control.
- Technical safeguards, such as access control on information, transmission security, entity or personal authentication, and audit control.
Aside from these safeguards, a translation company should require its translators and interpreters to sign non-disclosure agreements (NDAs).
Partner with us at eTranslation Services. We are HIPAA-compliant
We assure you that here at eTranslation Services our security protocol to protect sensitive and confidential information about our clients and their projects is firmly in place. We adhere to the requirements of HIPAA regarding PHI protection. Our medical translators, interpreters, and transcriptionists are fully aware of data security requirements and sign non-disclosure agreements before working on a project. Anytime you need translation services, send us an email at [email protected] or call us at (800) 882-6058.