HIPAA Resources
Delay of NPI Registry
The NPI registry that was expected to be posted on the CMS Web site today, August 1, 2007, has been delayed. The following message appeared on the CMS Web site this afternoon: CMS is delaying the deployment of the NPI Registry and the dissemination of FOIA-disclosable health care provider data from the National Plan and Provider Enumeration System (NPPES). Additional information will be forthcoming on the CMS web page.
CMS Announces One Year NPI Contingency Plan
CMS has released a series of modules to assist you in obtaining a NPI. View the NPI Training Package here.
What is the National Provider Identifier?
In a regulation published in January 2004, the Department of Heath and Human Services explained that it intends to establish a national provider system (NPS) to administer national provider identifiers (NPI). The NPI will be a 10-digit numeric identifier used in place of other identifiers (e.g., Medicare number, UPIN) for all health care transactions.
All providers that conduct electronic transactions must have an NPI by May 23, 2007. A physician who does not conduct electronic transactions may acquire an NPI but is not required to do so.
What Is HIPAA?
In 1996, Congress changed the way medical practices deal with patients' medical records. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) makes it mandatory to comply with the Privacy and Security Rules.
The passage of HIPAA gave the Federal Government the ability to mandate how health care plans, providers, and clearinghouses store and transmit individuals' personal information as it relates to the administration, provision, and payment of health care.
Overview
The Privacy Rule
The Privacy Rule essentially controls the use and disclosure of what is known as protected health information (PHI). Many of its applications are just common sense. Others are more complex, giving patients a great deal of flexibility in the knowledge of what's in their medical record and how that content is used. Patients can now control the disclosure of their protected health information to certain entities. The Privacy Rule deadline was April 14, 2003.
The Security Rule
The Security Rule focuses on the ability of covered entities (including medical practices) to protect and safeguard the confidentiality of medical information. It is similar to The Privacy Rule but more complex in its impact on medical practices in areas specific to the transmission, storage, and receipt of data. Make no mistake, your practice's computer network, who has access to it, and the methods you use to store and handle data will come under close scrutiny. The Security Rule deadline was April 21, 2005.
Electronic Transactions
The Transaction and Code Sets Standards (TCS) deals primarily with electronic transactions. Claims submitted electronically must comply with these regulations. Failure to comply can result in monetary penalties or exclusion from Medicare. The TCS deadline was October 16, 2003.