HIPAA FAQs*

*Frequently Asked Questions

What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996, which contains two basic sections. The first section, which has already been fully implemented, deals with the portability of health insurance and with protecting the ability of people with current or pre-existing medical conditions to get health insurance.

The second section, Administrative Simplification, contains a number of sweeping changes aimed at:

  1. Improving efficiency in health care delivery by standardizing electronic data interchange.
  2. Protecting confidentiality and security of health care data.

What are the three major rules of HIPAA?
The HIPAA administrative simplification rules are actually three different rules that each went through separate rule-making processes.

  1. Standardization of Electronic Transactions and Code Sets
  2. Standards for Protecting the Privacy of Patient Health Information
  3. Security Standards

These three rules essentially go hand in hand. Taken together with the public’s comments, they are approximately 2,000 pages in length.

Standardization of Electronic Transactions and Code Sets
This rule simplifies and standardizes the electronic exchange of patient information by creating standard transaction forms. The effective date for this rule was October 16, 2002, with the option to file for a one-year extension to October 16, 2003.

Standards for Protecting the Privacy of Patient Health Information
This rule protects the privacy of personal health information and places on health care providers many administrative requirements designed to ensure privacy. Examples of these requirements include providing your patient with a Notice of your Privacy Practices, controlling physical access to patient information such as storing medical records in a secure place, developing written privacy policies and procedures, appointing a privacy officer, and having business associate contracts with your business associates. The compliance date for this rule was April 14, 2003.

Security Standards
This rule imposes standards for the security of all personal health information that is maintained electronically. The final rule was published on February 20, 2003. The compliance date is April 21, 2005.

When do I have to comply with these rules?
Your organization must implement all of the requirements of each of the rules by the following compliance dates:

  • Transactions and Code Sets: October 16, 2002 (October 16, 2003, if you file for the one-year extension)
  • Privacy Rule: April 14, 2003
  • Security Rule: April 21, 2005

What should I be doing now to comply with HIPAA?
By now you should have all your Privacy policies and procedures fully in place. Your comprehensive privacy program should include:

  • providing all your patients your Notice of Privacy Practices
  • having each of your patients sign an Acknowledgement of Receipt of your Notice of Privacy Practices
  • training all of your employees about the requirements of the HIPAA Privacy Rule
  • keeping a record of business associate contracts (by now, you should have negotiated business associate contracts with each of your business associates)
  • identifying all new business associates and negotiating business associate contracts with them
  • conducting HIPAA-compliant electronic claims transactions

I don’t have my privacy program in place; what should I do?

  • AOPA HIPAA Compliance Guide
    AOPA’s HIPAA Compliance Guide was completed last May and is available for those who are still working on their compliance program. The Guide, which is on a CD, contains a complete discussion of the three HIPAA Rules, the required forms (Patient Consent, Patient Authorization, a sample Notice of Privacy Practices, a sample Business Associate Contract, Written Acknowledgment of Receipt of Notice of Privacy Practices), and the required Office Policies and Procedures.
  • AOPA HIPAA Security Guide
    AOPA’s HIPAA Security Guide features a detailed explanation of the Security Standards as well as samples of all of the policies and procedures you will need to create and implement in order to meet these Standards.
  • Special Offer!
    Buy AOPA’s HIPAA Compliance Guide and HIPAA Security Guide together and save!
  • O&P Almanac and AOPA in Advance
    AOPA publishes in-depth articles on selected HIPAA topics and updates on HIPAA rules in the O&P Almanac and our members-only, biweekly newsletter, AOPA in Advance. Not an AOPA member? Join today and start receiving AOPA in Advance!