HIPAA Compliance Readiness Statement
  • Overview
  • Definitions
  • Compliance deadlines for the Administrative Simplification
  • HealthTech HIPAA Compliance Program
  • Security and PHI
  • Transactions
  • Disaster Recovery Plan
  • Disclaimer and Contact
    Overview
    The Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 ("HIPAA"), was passed by Congress with the intent to reform the insurance market and simplify health care administration. Specifically, the HIPAA Administrative Simplification is aimed at reducing the costs and administrative burdens of health care by adopting and requiring the use of standardized, electronic transmission of administrative and financial transactions. The Administrative Simplification also imposes requirements for the protection of private health information.

    As a covered entity, as defined by HIPAA sections 160.102 and 160.103, HealthTech is dedicated to attaining HIPAA compliance by the deadlines as provided by the regulation.

    Furthermore, as a service provider, HealthTech welcomes the opportunity to play a strategic role in the implementation of HIPAA and to assist providers of all sizes and all levels of technology in their efforts to reach and sustain HIPAA compliance.
    Definitions
    Covered Entity
         45CFR160.103

    Covered entity means one of the following:
  • A health plan.
  • A health care clearinghouse.
  • A health care provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter.
    Health Care Clearinghouse
         45CFR160.103
    Health care clearinghouse means a public or private entity that does either of the following (Entities, including but not limited to, billing services, repricing companies, community health management information systems or community health information systems, and "value-added" networks and switches are health care clearinghouses for purposes of this subchapter if they perform these functions.):
  • Processes or facilitates the processing of information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction.
  • Receives a standard transaction from another entity and processes or facilitates the processing of information into nonstandard format or nonstandard data content for a receiving entity.
    Compliance deadlines for the Administrative Simplification
    As of March, 2008
    • Submission of compliance extension form for Electronic Health Care Transactions and Code Sets: October 15, 2002
    • Electronic Health Care Transactions and Code Sets compliance date - except for covered entities who have filed the extension and small health plans: October 16, 2002
    • Privacy - all covered entities with the exception of small health plans: April 14, 2003
    • Electronic Health Care Transactions and Code Sets Testing - all covered entities must have started software and systems testing: April 16, 2003
    • Electronic Health Care Transactions and Code Sets - all covered entities who had filed for an extension by October 15, 2003 and all small health plans: October 16, 2003
    • Privacy - small health plans: April 14, 2004
    • Employer Identifier Standard - all covered entities except small health plans: July 30, 2004
    • Employer Identifier Standard - small health plans: August 1, 2005
    HealthTech HIPAA Compliance Program
    HealthTech has developed a comprehensive HIPAA Compliance Program in order to ensure compliance by the deadlines. This program addresses the Privacy rule as well as the Security Rule (i.e., Administrative, Physical Safeguards, Technical Security Measures and Technical Security Mechanisms). The program is presented below in its various stages of completion:

    As of March, 2008
    • Appointment of HIPAA Compliance Officer: Completed
    • Filing of Extension form for Electronic Health Care Transactions and Code Sets: Completed
    • Development of training material: Completed
    • Gap Analysis: Completed
    • Disaster Recovery Plan strategy: Ongoing
    • Development of translation tools from non-compliant to compliant transactions for all formats currently supported: Completed
    • Development of translation tools from compliant to non-compliant transactions for all formats currently supported: Completed
    • Testing with Third Party for ANSI format: Completed
    • Training session for HealthTech personnel: Completed
    • Development of Policies and Procedures: Completed
    • Business Associate Agreement: Completed
    Security and PHI
    Protected Health Information (PHI)
         45CFR164.501
    Protected health information means individually identifiable health information:
    • Except as provided in paragraph (2) of this definition, that is:
      • Transmitted by electronic media;
      • Maintained in any medium described in the definition of electronic media at §162.103 of this subchapter; or
      • Transmitted or maintained in any other form or medium.
    • Protected health information excludes individually identifiable health information in:
      • Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g;
      • Records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and
      • Employment records held by a covered entity in its role as employer.
    Regarding the protection of PHI, we have built and implemented our security solution with Internet Explorer 5.0+, Windows 2000, SSL, and a proprietary component (AspEncrypt). This tight integration allows us to provide:
  • Authenticated logon
  • Control over access/privileges to personal information
  • Personal Security Identifiers (SIDs)
  • Secure end-to-end transmission of information
  • File integrity

    Internet Explorer gives us a secure client-side environment to work in and, through an authenticated logon, allows only valid users to access our services. With Windows 2000, your information is specially protected through industry-standard security mechanisms and policies, such as the strict 'Principle of Least Possible Privilege' that governs clients' and employees' access to company systems and information. We have incorporated SSL to provide secure end-to-end transmission of data from the client's machine to our network servers. And, to ensure the user's identity, if users are inactive for an extended period of time, the site will log them off and they will need to reenter their Username and Password.

    Data is kept secure and private. We secure data files by encrypting and storing them on our servers. By encrypting files, we have significantly reduced the risk of unwanted eyes peering through data. Only our proprietary components have the ability to decipher the encrypted data. This encryption also provides data integrity, which prevents any malicious attempt to manipulate the data that we have received from the submitter. As an added measure for non-repudiation, we track and log all user and employee transactions via Security Identifiers (SIDs). Each user and employee is issued a SID, which uniquely identifies him or her in our system.

    It is the policy of HealthTech to encrypt the transmission of all personal or financial Web-based information that is transmitted between our site and your browser. The security standard SSL (Secure Sockets Layer) is used to implement this. SSL is the leading standard for securing World Wide Web transmissions.
    Transactions
    ANSI (American National Standards Institute) is an organization that accredits various standards-setting committees (i.e. ICD-9 and HCPCS). ANSI has accredited a group called X12 that defines EDI standards for many American industries, including health care insurance. Most of the electronic transaction standards mandated or proposed under HIPAA are X12 standards.

    HealthTech has successfully tested with a third party vendor and is able to send and receive the following HIPAA compliant transactions:
    • Health Care Claim (837)
    • Health Care Payment/Advice (835)
    • Health Care Eligibility/Benefit Inquiry (270)
    • Health Care Eligibility/Benefit Information (271)
    • Health Care Status Request (276)
    • Health Care Status Notification (277)
    • Health Care Service Review Information (278)
    • Benefit Enrollment and Maintenance (834)
    • Payment Order/Remittance Advice (820)

    HealthTech will continue to support non-standard format (NSF, Print Image, Text files, etc.) after the October 16, 2003 deadline, as provided by the legislation.

    Disaster Recovery Plan
    The HealthTech site is hosted at Net-fire INC., the second largest server farm in the country. Their state-of-the-art backup and recovery procedures allow them to boast a 99.992% uptime. In addition to the Net-fire backup and recovery procedures, HealthTech has its own backup and recovery procedures, tested the last weekend of every month.

    When a provider file is uploaded to the HealthTech website, a copy of the encrypted file is immediately moved to a backup server. Nightly, backup copies of the database are made. We estimate that we could retrieve these copies and be operational within 2 days if needed. The data that would have been processed after the last backup can be reprocessed and applied to the database within 30 minutes.
    Disclaimer and Contact
    The above information does not constitute any warranties of any kind and is provided for informational purposes only.

    In the event that you need further information, please do not hesitate to contact HealthTech’s HIPAA Compliance Officer:


    Martin Taylor |  Vice President
    HealthTech, LLC
    Practice Management & Medical Billing Solutions

    Toll Free : 800.593.0593
    Local : 713.781.0000
    Fax : 281.293.7802
    www.healthtechamericas.com


    Copyright © 2009 HealthTech LLC. All rights reserved. Website designed by HealthTech LLC.