Healthcare and it

Today’s economy is in critical condition. Almost anyone you ask will agree. Businesses are downsizing, while job seekers are coming up empty-handed. Those that are unemployed lack so much more than a salary. To lose a job is also to lose health insurance. What, then, can you do if you get sick on a tight budget and you have no insurance?

In 1996, the United States Congress addressed this dilemma via the Health Insurance Portability and Accountability Act, or HIPAA. The HIPAA consists of two parts, Title I and Title II. Title I provides insurance to those who lose or change jobs. Title II, deemed the Administrative Simplification (AS) provisions, monitors the use of patient information for the sake of privacy. Title II also promotes the use of an “electronic data interchange,” or an information sharing system.

More specifically, Title I provides several services. First, it seeks to provide insurance to those who have been affected by downsizing or a career change. Second, according to, “it amended the Employee Retirement Income Security Act, the Public Health Service Act, and the Internal Revenue Code.” The Employee Retirement Income Security Act maintains pension plan and federal income tax activity, while the Public Health Service Act provides certain health services to those in need. The Internal Revenue Code is not an act, but rather it governs the payment of US taxes.

Title II, the AS provisions, establishes how certain organizations can use your health information as well as how you can access it. Further, it addresses health care laws and what can happen to those who abuse the health care system. Finally, Title II aims to streamline the health care system via five rules, according to the Privacy Rule, the Transactions and Code Sets Rule, the Security Rule, the Unique Identifiers Rule, and the Enforcement Rule.

In April of 2003, the HIPAA enforced the Privacy Rule. As its name suggests, the Privacy Rule governs the use of Public Health Information, or an establishment’s health care data as it pertains to individuals. The Privacy Rule also emphasizes that establishments should disclose as little information as possible for the sake of treatment, payments and other such care. The rule also advocates accuracy and confidentiality, and allows for disclosure during cases of child abuse. Further still, establishments must stay informed and current on the laws that govern Publish Health Information. They must employ a Privacy Official as well as an individual trained to receive privacy complaints. Finally, establishments must train all employees in the lawful maintenance of public health information.

On July 1, 2005, after quite a bit of conflict, the HIPAA implemented the Transactions and Code Sets Rule. The first of those transactions is the EDI Health Care Claim Transaction set (837). This transaction specifies the use of most health care billing information, except in the case of pharmacy claims. Most often, the data moves from payer to provider, from payer to payer, or from payer to relevant organization. The second of these transactions is the EDI Retail Pharmacy Claim Transaction (NCPDP Telecommunications Standard version 5.1). This transaction regulates the use of data during pharmacy billing and services. The EDI Health Care Claim Payment/Advice Transaction Set (835) is another rule, which simply enables one to make a payment and submit an Explanation of Benefits (EOB). The forth installment is the EDI Benefit Enrollment and Maintenance Set (834). It allows employers, unions, and agencies to register individuals with a paying organization, including health insurance companies and government programs. Financial organizations use the EDI Payroll Deducted and other group Premium Payment for Insurance Products (820) to deliver payments to recipients. Further still, health care members can use EDI Health Care Eligibility/Benefit Inquiry (270) to acquire knowledge about benefits and eligibility. Upon inquiry, the relevant representatives can answer such questions via the EDI Health Care Eligibility/Benefit Response (271). Also, payers, providers and agents can inquire about the status of a health care claim as noted in the EDI Health Care Claim Status Request (276). To inform others of such a status, the same individuals should use the EDI Health Care Claim Status Notification (277). When appropriate, qualified associates can, according to the EDI Health Care Service Review Information (278), report, review and certify the outcome of health care services. Finally, as per, the DI Functional Acknowledgement Transaction Set (997) “can be used to define the control structures for a set of acknowledgments to indicate the results of the syntactical analysis of the electronically encoded documents.”

As health care evolves, individual privacy will remain a prominent concern. As such, the HIPAA appears to change steadily in the wake of such concerns. For example, within Title II of the HIPAA, one could interpret the Privacy Rule in a number of ways. Generally speaking, however, the Privacy Rule of Title II refers to any portion of one’s payment and medical records. As information exchange becomes more complex, it is possible that the parameters of HIPAA will similarly progress.

Dealing with HIPAA can be a complex process. As a result, some healthcare workers may be tempted to cut corners. But compliance from the medical community is absolutely mandatory. Institutions that support Medicare and Medicaid must meet HIPAA standards in order to provide service. To further emphasize compliance, the United States Congress enforces the Clinical Laboratory Improvement Amendments, which advocates prompt test results for patients. Furthermore, the more complex the medical test, the more facilities must adhere to the amendment. One can even find additional levels of compliance within State Survey Agencies, who regulate the standards for CLIA and Medicaid.

While the HIPAA may have been well intended, it does not always prove to be effective. Oscar May was the Chairman & Chief Business Development Officer at Quality Surgery Centers, LLC in Atlanta, Georgia. He doesn’t claim to be an authority on HIPAA, but is aware of some of the shortcomings of the system. For example, people can report HIPAA violations to the Department of Health and Human Services. But, as May states, “Initially the Department lacked aggressive enforcement action against hospitals, doctors or insurance companies for reported violations.” What’s more, he states, “It has also been pointed out that clinical research has been negatively impacted where patients have become reticent to respond to follow-up studies when queried, for fear that their personal data might be mishandled.” May suggests that facilities should exercise “strict adherence to the Patient Bill of Rights put forth under the Clinton Administration” and that Congress should reevaluate the way it spends money to “manage processes that appear to be less than adequate.”

Today, healthcare is so much more than doctors, patients and prescriptions. Medical services entail the use of private information, insurance companies and program providers. The medical community, in its entirety, must work to respect patient privacy while preventing fraud and abuse. The system means well but is laced with imperfection. Regardless, in the face of its flaws, one must think . . . you have to start somewhere.


Avernet, “Health Insurance Portability and Accountability Act.” 26 May 2009. 1 Jun 2009 <>.

“Certification & Compliance Overview.” CMS. 1 Jun 2009 <>.