Questions & Answers About HIPAA

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is legislation enacted by the federal government to:

  • Ensure health insurance portability
  • Reduce health care fraud and abuse
  • Guarantee the privacy and confidentiality of health information
  • Simplify the administration of health care systems
Who must comply with HIPAA?

Health plans, health care clearinghouses and health care providers who engage in electronic transactions must comply. These are known as "covered entities". To a lesser degree, employers and business associates of covered entities are also affected.

What is HIPAA Title II?

There are five components or Titles of HIPAA. HIPAA Title II, sometimes called Administrative Simplification, has two primary areas of regulation:

  • Implementation of controls to protect an individual's health; and
  • Standardization of health-care related electronic transactions.
What are some of the benefits of industry-wide implementation of HIPAA Title II?

In the longer term, HIPAA compliance throughout the health care industry will result in:

  • enhanced privacy and security of an individual's personal health information
  • provider and health plan overhead cost reductions through standardization
  • more consistent processes among health plans as electronic formats and values will be uniform throughout the health care industry
  • simplification of data submission through standardized transactions and code sets
  • availability of a new option for submitting authorizations and referrals that allows transmission of multiple referrals and authorizations in standardized formats
  • additional options for online and batch inquiries provide an alternative to send multiple claim inquiries in one file and to receive a timely response on the status of each requested claim
What are the HIPAA compliance dates?
  • April 2003 - Privacy Rule
  • October 2002, October 2003 with Extension - Standard Transactions and Code Sets Rule . Cigna HealthCare filed for the October 2003 extension.
  • July 2004 - National Employer Identification Number
  • April 2005 - Security Rule
  • May 2007 - National Provider Identifier (NPI) (NPI Contingency Period expires 5/23/2008).
How is Cigna HealthCare meeting its compliance goals?

We have made a significant investment in HIPAA and plan to continue this investment. We have put a dedicated team in place working on the implementation of the HIPAA regulations. The team includes project managers, legal counsel, information management and technology personnel and representatives from our business operations. The team has established a detailed work plan that includes an end-to-end analysis of our organization, as well as implementation of changes necessary to support compliance with these regulations.

How will state regulations impact HIPAA as they relate to providers?

Privacy: State laws that are more stringent than the HIPAA privacy provisions may impose additional obligations on covered entities.
Transaction & Code Sets: Federal HIPAA regulations prevail.

What Should Providers Do to Become HIPAA Compliant?

Cigna HealthCare is recommending the following steps for providers:

  • Consult with trusted legal counsel that is familiar with the HIPAA Privacy Rule and the Transaction and Code Sets regulations.
  • Contact your Clearinghouse and obtain their recommended steps to become HIPAA compliant.
  • Ask your Practice Management Software vendor for their plan on converting to a HIPAA compliant version of your software. There may be a cost to you to obtain this software upgrade.
  • Don't wait until the last minute to find out what your office needs to do to become HIPAA compliant.
  • Review your current billing procedures and revised as needed to assure that you will be ready to bill with compliant codes and medical code sets by the compliance date.
  • Be prepared for discussions with your Cigna HealthCare contracting partners regarding contracting and reimbursement fees/schedules. Contracts may need to be renegotiated to assure that they do not contain non-compliant codes.

Please note that this affects only providers utilizing electronic submission for claims, inquiries, referral certification and Authorizations.

How is Puerto Rico business affected?

The HIPAA regulations fully apply to covered entities operating within Puerto Rico.