Employer
Broker
Member
Provider
HIPAA


AmeriHealth Administrators:
A HIPAA Project Update

Electronic Transactions and Code Sets
On behalf of our clients’ self-funded health plans, which are Covered Entities, AmeriHealth Administrators is ready to receive and send electronic transactions in compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). While the HIPAA regulations allowed Covered Entities to extend their compliance date from October 16, 2002 to October 16, 2003, AmeriHealth Administrators, as a Business Associate to Covered Entities, maintained our corporate commitment to be ready by the original compliance date. We have completed all internal system changes and processes to handle the required electronic transactions and have started external testing of these transactions.

HIPAA is dramatically affecting all health care organizations and will touch most customers and employees of AmeriHealth Administrators. HIPAA regulates many aspects of health care, including access, portability and renewability requirements when consumers change jobs (“health insurance portability”), and the way patient information is treated (“Administrative Simplification”).

The electronic transactions and code sets provisions of HIPAA were established to:

  • Standardize the methods that insurance companies and other health care organizations use when performing electronic transactions, such as the submission of claims; and
  • Standardize the code sets used in electronic transactions so, for example, a health care provider will use one code for all claims for a specific procedure.

HIPAA requires that all Covered Entities must be able to perform transactions electronically if requested by another Covered Entity, i.e. a health care provider, a health care clearinghouse, or a health plan, and that transactions must use a standard “HIPAA-compliant” format. Examples of transactions that fall under this regulation include enrollment records, premium payments, claim submissions, and claim payments. Covered Entities that filed a one-year extension must begin testing for compliance by April 16, 2003.

After October 16, 2003, AmeriHealth Administrators will no longer accept or process non-HIPAA compliant electronic transactions.

Am I a Covered Entity?
Click here to go to CMS’s Covered Entity Decision Tools to find out if an individual, business or government entity is a Covered Entity.

Identifiers
HIPAA will create unique identifiers to promote uniformity and security in electronic transactions among Covered Entities. Identifiers are classified as: national provider identifier, national employer identifier, and national health plan identifier. The final rule for the National Employer Identification Standard was effective July 30, 2002, and, in general, Covered Entities must be in compliance within 24 months after the effective date. The proposed rule for the National Provider Identifier was issued in May 1998 and has not yet been finalized. A proposed rule on a National Health Plan Identifier is still in development.

Privacy & Security
On August 14, 2002, the Department of Health and Human Services (“HHS”) released modifications to the final HIPAA privacy regulations (the “Privacy Rule”). HHS considered an estimated 60,000 comments before issuing the final Privacy Rule. All Covered Entities (group health plans, providers, and health care clearinghouses) are required to be compliant with the Privacy Rule by April 14, 2003.

The Privacy Rule protects certain individually identifiable health information, and allows an individual access to his or her medical records, while not creating care and treatment obstacles. It applies to information that is transmitted electronically, orally, or on paper. For the complete regulation, visit www.hhs.gov/ocr/hipaa/finalreg.html.

The proposed HIPAA security regulation was issued in August 1998. It is expected that the final security regulation could be released in early 2003. In general, the compliance date would be 24 months after the effective date of the final regulation.

AmeriHealth Administrators has formulated a Privacy and Security Project Team to ensure that, as a Business Associate to Covered Entities, we can continue to support our clients’ self-funded plans. The Project Team is reviewing corporate policies and procedures, and the impact of the Privacy Rule and proposed security regulation on how we do business with customers, brokers, and other external business entities. The Project Team is also designing a program to train the AmeriHealth Administrators workforce on how the Privacy Rule and proposed security regulation will affect the way they do their jobs. AmeriHealth Administrators is assessing business contracts to identify relationships that will require amendments, and will continue to communicate with entities about the impact of the Privacy Rule and proposed security regulation.

Click here for links to more information about HIPAA

 

ah_ad_copyright.gif (2461 bytes)

  Legal Information | Internet Privacy Statement