Title II of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines numerous offences relating to health care and sets civil and criminal liabilities for them. However, the most significant provisions of Title II are its Administrative Simplification Rules, which require the Department of Health and Human Services (HHS) to draft rules that would increase the efficiency of the health care system and create standards for the dissemination and use of health care information. The HHS accordingly promulgated five HIPAA Rules regarding Administrative Simplification, namely: Privacy Rule; Security Rule; Transaction and Code Sets Rule; Unique Identifiers Rule; and Enforcement Rule. These rules apply to so-called Covered Entities, a term that generally refers to health plans, health care clearinghouses and health care providers that transmit HIPAA-regulated health data.
The HIPAA Rules on Privacy regulate the disclosure and use of Protected Health Information (PHI) held by Covered Entities. Any information held by a covered entity that concerns health status, the provision of health care or payment for health care, and that can be linked to an individual, forms part of the PHI. This can be interpreted rather simply and broadly as any portion of the medical record or payment history of an individual.
The HIPAA Rules on Security deal specifically with Electronic Protected Health Information. They complement the Privacy Rule, which refers to all Protected Health Information, both paper and electronic. The Security Rule prescribes three types of security safeguards that covered entities should comply with, namely: administrative, technical and physical safeguards.
The HIPAA Rules on Transaction and Code Sets prescribe the standard key EDI transactions that medical providers must follow in electronically filing their claims for payment, as follows: EDI Health Care Claim Transaction Set; EDI Retail Pharmacy Claim Transaction; EDI Health Care Claim Payment/Advice Transaction Set; EDI Benefit Enrollment and Maintenance Set; EDI Payroll Deducted and Other Group Premium Payment for Insurance Products; EDI Health Care Eligibility/Benefit Inquiry; EDI Health Care Eligibility/Benefit Response; EDI Health Care Claim Status Request; EDI Health Care Claim Status Notification; EDI Health Care Service Review Information; and EDI Functional Acknowledgement Transaction Set.
The HIPAA Rules on Unique Identifiers prescribe a National Provider Identifier (NPI), a unique, national identifier for covered health care providers in standard transactions. The NPI replaces all other identifiers used by Medicare, Medicaid, health plans and other government programs.
The HIPAA Rules on Enforcement prescribe civil monetary penalties for violations of the HIPAA Rules and set procedures for investigations and hearings on HIPAA violations.