Compliance - Health Insurance Portability and Accountability Act (HIPAA) Executive Summary


Background


  • Law: Public Law 104-191
  • Signed: August 21, 1996
  • Effective date of the law: July 1, 1997

Overview

In short, HIPAA was designed to:

  • Improve the portability of health insurance coverage in the group and individual markets.
  • Limit healthcare fraud and abuse.
  • Promote the use of medical savings accounts.
  • Improve access to long-term care services and coverage.
  • Simplify the administration of health insurance.

these five, the last – administrative simplification – is perhaps the most critical for healthcare information managers. Specifically, HIPAA aims to achieve this administrative simplification by:

  • Establishing standardized code sets for financial and clinical electronic data interchange (EDI) transactions to enable information flow;
  • Mandating adoption of security standards to preserve the confidentiality of patient records; and
  • Creating unique identifiers for the four constituents in healthcare — payers, providers, patients and employers — to simplify the administrative challenge of maintaining and transmitting clinical data across disparate episodes of patient care.

Key Provisions: Pre-Existing Conditions

Limits group insurers´ rights to deny or limit enrollment on the basis of pre-existing medical conditions, which should improve the portability of health insurance coverage.

  • Eliminated pregnancy as a pre-existing condition
  • Mandated coverage of newborns or newly adopted children enrolled within 30 days of birth or adoption.
  • Set maximum amount of time (12-months) that group health insurance plans, HMOs or self-insured plans (ERISA plan) could bar someone on the basis of a pre-existing condition. This exclusion period is reduced by the amount of time a person previously had continuous coverage through other private insurance or public insurance programs.
  • Allowed insurers to charge more for groups containing several persons with pre-existing conditions.
  • Allowed the Internal Revenue Service (IRS) to penalize health plans $100 per day for each enrollee affected by failure to comply with the new law's portability, anti-discrimination and guaranteed renewability provisions.

Key Provisions: Small group protection:

Insurers cannot deny coverage to small employers (two to 50 workers) but may charge for groups with higher health costs.

Group-to-individual coverage protection: Insurers must offer individual coverage to a person losing group coverage if the individual:

  • Had 18 continuous months of prior coverage under a group health plan;
  • Has exhausted COBRA coverage; or
  • Is ineligible for coverage through government programs such as Medicare or Medicaid.

Key Provisions: Non-Discrimination and Renewability

Non-DiscriminationGroup health plans and employers cannot deny coverage for an individual and his/her dependents on the basis of health status, physical or mental medical condition, claims experience, genetic information, disability or domestic violence.

Guaranteed renewability: Insurers must offer to renew group and individual policies except for non-payment of premiums, fraud or because the plan no longer offers coverage in a geographic area.

Key Provisions: Limited liability for volunteer health workers:

Healthcare providers serving gratis in such facilities are deemed to be employees of the U.S. Public Health Service, thereby limiting their professional liability exposure. This is a good-Samaritan type of protection for volunteer work in non-profit, free health clinics.

Executive Summary Cont: Administrative simplification:

The Secretary of Health and Human Services will establish standards to enable most health records and financial transactions to be exchanged electronically. Unique identifiers would be created for users, purchasers, and suppliers of healthcare services. The electronic standards will be developed, adopted, and modified by a national standard setting group. Standards will be developed for the electronic transmission and authentication of signatures. System security procedures must be developed. Initial standards for the electronic transmission of healthcare transactions must be promulgated within 18 months of the new law's enactment. Users not complying with the new electronic standards will be subject to a $100 fine per failure to comply; the total fines in a calendar year may not exceed $25,000. A person who discloses individually identifiable health information may be fined $50,000, imprisoned for a year, or both. If such a disclosure is under false pretenses, the offender may be fined $100,000 and imprisoned up to five years. If the disclosure is for malicious purposes or commercial advantage, the offers may be fined $250,000 and imprisoned up to 10 years.

Executive Summary Cont: Medical savings accounts (MSAs):

Individual contributions to MSAs are deductible from personal income taxes. Employer contributions to MSAs are not included in an individual's taxable income. MSA earnings are not taxable. Distributions from an MSA for medical expenses are not taxable. Non-medical distributions from the MSA are subject to taxation, and would be subject to an additional tax penalty of 15 percent unless made after age 60, the onset of disability, or death. Money in the MSA after the holder's death is included in his or her estate.

No more than 750,000 individuals can participate in the MSA program at this time. New MSAs cannot be opened after December 31, 2000, unless Congress chooses to expand the program. The General Accounting Office (GAO) must prepare a report for Congress describing how MSAs affect the usage of preventive healthcare services, the scope of coverage, premium costs, adverse selection in the small group insurance market, and so forth. The Treasury Department must report to Congress on whether the use of MSAs generates federal savings.

Executive Summary Cont: Tax Benefits:

Tax Deductibility for the Self-Employed:An increase to 80 percent in the tax deduction for the health insurance premium payments of self-insured persons would be phased in between 1997 and 2006.

Tax Deductibility of Long-term care insurance: Premiums for long-term care insurance would be treated as deductible expenses. Up to $175 per day, or $63,875 per year, of payments from long-term care policies would not be included in personal income. These new standards would also apply to life insurance riders designed to provide long-term care benefits.

Income tax exemption: Organizations formed to provide medical care for the uninsurable on a not-for-profit basis, and organizations established before June 1, 1996 solely to reimburse its members for losses arising from workmen's compensation acts, are deemed tax-exempt.

Executive Summary Cont: Other Provisions:

Accelerated Death Benefits Amounts that terminally ill or chronically ill policy holders cash out from their life insurance policies will be excluded from income and treated as a death benefit.

Individual Retirement Account (IRA) distributions for medical purposes: No tax penalties will be imposed if IRA proceeds are used to pay the health insurance premium of an unemployed individual.

Organ and tissue donations: A statement promoting organ and tissue donations will be included with federal income tax refunds.

Miscellaneous: Revenue offsets to cover the federal costs of this new law will be generated by federal taxes imposed on persons renouncing their U.S. citizenship for tax advantages, and a variety of tax revisions affecting financial institutions.

Key Provisions: Fraud and abuse control program:

The HHS Inspector General and U.S. Attorney General will issue written advisory opinions and special fraud alerts to provide guidance to healthcare providers on whether or not proposed conduct breaks the law. These advisory opinion requests must be answered with 60 days of receipt, and the Secretary may charge a fee to cover the cost of preparing the opinion. The advisory opinions shall cover proposed actions applicable to most government health programs, not just Medicare and Medicaid, and include proposals to form physician-sponsored networks.

The HHS Secretary will establish a program to coordinate federal, state, and local programs to control health plan fraud and abuse. A Health Care Fraud and Abuse Control Account, financed by fines, civil penalties, assessments, forfeitures, criminal penalties and damages imposed in healthcare cases, will be established in the Medicare Part A Trust Fund to support activities of the new program. Congress authorized an additional $104 million in Fiscal Year 1997 for the fraud and abuse account, this amount to increase 15 percent annually through Fiscal Year 2003.

In most federal fraud and abuse cases, civil monetary penalties are raised from $2,000 to $10,000. New practices are added to the list of outlawed activities, such as engaging in a pattern of upcoding to obtain higher payment. A physician who falsely certifies a person as eligible for home healthcare will be fined up to $5,000. Criminal penalties will be imposed for knowingly and willfully defrauding any health benefits program.

The HHS Secretary will establish a fraud and abuse data collection system for reporting final, adverse actions against healthcare providers, suppliers, or practitioners. Final adverse action includes civil judgments, a federal or state criminal conviction for a health offense, or actions by agencies responsible for medical licensing or certification. The term does not include malpractice, or settlements in which no finding of liability are made. Information supplied includes the name and tax identification number of a person subject to an adverse action, the name of any healthcare group with which the person is associated, the final action and whether it is on appeal, and a description of the evidence on which the final action is based. Procedures must be developed for protecting the privacy of healthcare consumers involved in cases reported in the system. System data will be reported on demand to healthcare providers, suppliers, and practitioners.

Medicare fiscal intermediaries and carriers will no longer conduct fraud and abuse monitoring or prevention activities. Qualified entities will perform activities to promote Medicare integrity, such as reviewing provider services, auditing cost reports, conducting provider and enrollee education on payment and quality assurance, and updating the list of durable medical equipment items subject to prior authorization. A consumer suggestions program will be established to encourage people to submit ideas for improving Medicare efficiency; the Secretary could reward people whose suggestions are adopted.