Introduction - Business Continuity and HIPAA Business Continuity Management in the Health Care Environment [Electronic resources] نسخه متنی

Introduction

On August 21,1996 the Health Insurance Portability & Accountability Act (HIPAA) became a law. The purpose of this act is to provide US citizens with better access to health insurance, limit fraud, and reduce healthcare companies' administrative costs. At the highest level, HIPAA is a set of government-mandated standards for business to business healthcare e-commerce. It mandates standard electronic transactions with standard code sets using standard identifiers in a secure environment.

HIPAA is the result of the convergence of healthcare cost pressures, available web technologies, and growing demands by consumers. By enacting this legislation, congress has established a standard basis or framework for the healthcare industry to embrace the economies of e-business.

Within HIPAA are five primary components identified as Titles I, II, III, IV, and V. Title II, or Administrative Simplification, is the component of HIPAA containing, among other elements, the requirement for business continuity planning. Visually, the breakdown of the HIPAA components is as follows:

Title I guarantees health insurance access, portability, and renewal. It eliminates some pre-existing condition exclusions. It prohibits discrimination based on heath status. It guarantees coverage renewal.

Title II prevents health care fraud and abuse, promoting administrative simplification. Within Title II are fraud and abuse controls, procedures for administrative simplification, and medical liability reform.

Title III addresses medical savings accounts and health insurance tax deductions for self-employed individuals.

Title IV provides for the enforcement of group health plan provisions.

Title V addresses revenue offset provisions.

What has caused HIPAA to occur at this point in time? In 1991, it was estimated that one quarter of the total cost of healthcare was attributable to the cost of administration^[1].

In 1995, over 5 billion claims a year were filed in the US with less than 20% submitted electronically^[2]. Over 400 different formats are used to file electronic claims^[3]. By streamlining this process, it is estimated that $9 billion annually could be saved without impacting the quality of care^[4]. The time had come when these economic forces could not be ignored.

HIPAA is the most sweeping legislation to affect the health care industry in over 30 years. It is anticipated that large health plans will have to spend $50 to $200 million to become HIPAA compliant. Nearly everyone in healthcare will need to comply: payers, employers, providers, clearinghouses, healthcare information systems vendors, billing agents, and service healthcare organizations.

Who is affected? The answer is health plans, providers, health care clearing houses, and some others. Health plans include individual or group plans that provide or pay the cost of medical care. It also includes employers who self-insure. Providers include a provider of medical or other health services and any other person furnishing health care services or supplies. Health care clearing houses are public or private entities that process or facilitate the processing of nonstandard data elements of health information into standard data elements. Finally, the "other" category which includes employers who want to do data mining and pharmaceutical companies that conduct clinical research.

^[1]New England Journal of Medicine, 1991 "The Deteriorating Administrative Efficiency and the US Health Care System", Woolhandler and Himmelstein

^[2]EDO, A Guide to Electronic Data Interchange and Electronic Commerce Applications in the Healthcare Industry, Moynihan and McLure.

^[3]Standards for Electronic Transactions, Federal Register, Vol 63, No 88.

^[4]Administrative Simplification Website, Health and Human Services, http://aspe.os.dhhs.gov/admnsimp/kkimpl