Updated IHS HIPAA Coordinators: This links to the current IHS HIPAA Coordinators who are responsible for their respective Area in all aspects of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13402).
June 24, 2010
The IHS HIPAA Forms are approved by OMB w/expiration date 1/31/2013 and 508 compliant. These forms are now located on the left side of this page under the “Forms, Policies & Procedures” Section. Just click on this link and under IHS HIPAA Forms, click on the URL link.
June 24, 2010
This new link to the IHS Office of Information Technology – Division of Information Security contains useful security information for usage by Privacy staff responsible for the protection of health information that is collected or maintained by or on behalf of the Agency. Please click on this IHS Information Security link to access various operating procedures.
February 17, 2010
OCR has implemented important privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act through notice and comment rulemaking, as required by the Administrative Procedure Act. These provisions include: business associate liability; new limitations on the sale of protected health information, marketing, and fundraising communications; and stronger individual rights to access electronic medical records and restrict the disclosure of certain information. Although the effective date (February 17, 2010) for many of these HITECH Act provisions has passed, the NPRM and the final rule that follows will provide specific information regarding the expected date of compliance and enforcement of these new requirements. IHS has posted the new Business Associate Agreement that contains the HITECH Act provisions and the IHS Business Associate Agreement Questions and Answers Checklist. Please click on the Privacy Standards Link to access the IHS Business Associate Agreement.
- View the current IHS electronic Transaction Testing and RPMS for meeting HIPAA Electronic Transactions and Code Sets standards. Included with the status report are instructions for adding HIPAA required provider and location taxonomy codes to RPMS along with the RPMS Provider Taxonomy Cross-Walk Table.
- A HIPAA Compliance Packet is provided to assist Area and site level programs in meeting HIPAA Transactions and Code Sets standards.
- Minutes of conference calls addressing this issue are included as a reference for people who were not able to be on a call.
- IHS NOTICE OF PRIVACY PRACTICES (2007) COLORIZED PAMPHLET [PDF-561KB]
This links to the current colorized pamphlet IHS Notice of Privacy Practices (September 14, 2007) that was developed by the IHS HIPAA Privacy Compliance workgroup consisting of lawyers, health information management consultants and the IHS Privacy Act/HIPAA Privacy Officer.
- OCR HIPAA COMPLAINT FORM & INSTRUCTIONS [PDF-71KB]
This links to the HHS-Office for Civil Rights(OCR)-HIPAA Complaint Form, Instructions to where to file your complaint at the OCR Regional Office. It is your option to file your complaint directly with the IHS facility where you were treated BUT you may follow the link above to file your complaint directly with Secretary, U.S. Health and Human Services. Each IHS Area Office should have additional HIPAA Privacy information.
- IHS HIPAA Compliant Forms/Policies and Procedures
This links to the HIPAA Policy and Procedure Manual used by the IHS and the forms needed for procedures that require them. These were developed by a workgroup consisting of lawyers, health records personnel and privacy act officers. The Policy and Procedures were updated in September 2007 to be compliant with changes in the HIPAA regulations.
As passed by the United States Congress, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) will institute administrative reforms that will be phased in over the period 2000-2003. Of major importance in the HIPAA legislation is the issue of data and transaction standardization-a mandate very few healthcare providers can sidestep if they bill third parties for services provided to patients. The law also changes the way health care providers have to protect the privacy of a patient's health information and contains security procedures that must be followed to protect the integrity of a patient's health information.
The Health Insurance Portability and Accountability Act (HIPAA) is also known as the Kennedy-Kassebaum bill. It was first proposed with the simple objective to assure health insurance coverage after leaving a job. Congress added an Administrative Simplification section to the bill (see the Department of Health and Human Services Administrative Simplification Web site
for more information).
The goal of the Administrative Simplification section of the bill was to save money. It was requested and supported by the health care industry because it standardized electronic transactions and required standard record formats, code sets, and identifiers.
The impact of Electronic Standardization, however, was that it increased risk to security and privacy of individually identifiable health information. After Congress did not provide legislation defining the privacy and security requirements of HIPAA, the Department of Health and Human Services (DHHS) was required to provide them.
There are currently four proposed or final rules from DHHS for HIPAA:
- Transaction and Code Set standards (Final)
- Privacy standard (Final)
- Security standard (Final)
- Identifier standards (Proposed)