Talk:Health Insurance Portability and Accountability Act/Archives/2013

Administrative Simplification Rule
There is no "Information Standardization Provision" in HIPAA. It is called the "HIPAA Administrative Simplification Rule". I have reverted that part of the text back. —The preceding unsigned comment was added by Evenprimes (talk • contribs).

Right to request correction
I changed the section on corrections to state that the patient had a right to request correction as I felt this was more accurate. The covered entity has a right to reject such requests if the material to be corrected is already considered to be complete and accurate. —The preceding unsigned comment was added by Cf1472 (talk • contribs).

Use of patient's information
I also changed the provision implying that a patient's information can be used without consent only for treatment. In fact, there are a host of instances in which a patient's information can be used without his or her consent. —The preceding unsigned comment was added by Cf1472 (talk • contribs).

I am acquainted with a nursing home. They have a policy of having no identifications for their patients. It seems a very dangerous policy when considering medicine distribution. It was explained to me that the policy was instituted because of this act. Does this seem reasonable?


 * Where I work, we don't have ID bracelets on any of the residents. Instead, we have files with photographs of the residents so that they may be visually identified. The thing that makes my job as a CNA so insanely difficult, however, is not being able to know what to do with a patient because I'm not allowed access to his or her records. We have some people in isolation, and because of HIPAA, I can't ask anyone what precautions to take regarding what infectious disease measures I'm to take. I don't believe this was thought through very well -- I want to know whether I need to wear full iso gear to go in, you know? --Allie 09:39, 9 February 2007 (UTC)


 * I'd tend to agree that HIPAA has mostly negative unintended consequences for patient care, has produced a bonanza of paperwork, and caused "HIPAA Consulting" firms to spring up, diverting money from being spent in areas that might actually, I dunno, help patients. That's my POV. I did start a section on "Consequences of HIPAA" in which I tried to include some sourced, verifiable, third-party criticisms of HIPAA (there are definitely quite a few out there). If you can find other sources describing some of the negative consequences you've mentioned, we should work them into the article. MastCell 17:15, 9 February 2007 (UTC)

Portability?
This article doesn't say much about the "portability" aspect of of the Health Insurance Portability and Accountability Act. Would anyone care to expound on this [alleged] feature of HIPAA?
 * If you're thinking of the process by which, after you leave employment, you can self-pay for the same health insurance for a certain period, check out Consolidated Omnibus Budget Reconciliation Act of 1985.


 * Leave signatures people! Anyways, this article does need to address why the word "portability" is in there.  COBRA is a separate act and existed before HIPAA came to pass.  So how did this law address "portability"?  And if you know, please add it to the article, thanks. Midtempo-abg (talk) 18:02, 1 December 2008 (UTC)

HIPAA portability is part of Title I of HIPAA, and is described in that section. It deals with the ability of individuals to leave one job and move to another without losing coverage for preexisting conditions. —Preceding unsigned comment added by 38.98.229.170 (talk) 18:50, 12 December 2008 (UTC)


 * What if a person wants to buy individual coverage? Does HIPAA allow "portability" under similar rules and conditions for that situation?   (As opposed to becoming covered under a group policy when getting a new job) I.e., if a person wants to buy an individual insurance policy, does HIPAA prohibit discrimination against people with preexisting conditions if they had continuous insurance coverage (whether group or individual) for 12 months prior to applying for the new individual policy?  Captain Quirk (talk) 10:04, 27 June 2013 (UTC)

Stiff fine and random audits?
Can anyone cite anything to confirm this? "The result is that in the near future, covered entities will no longer be able to ignore the legislation and will be forced to adapt their processes accordingly or suffer stiff fines from the OCR. The OCR has recently begun doing random audits on various entities in an attempt to lessen the amount of HIPAA complaints that come into the regional OCR offices on a monthly basis." On the contrary, the new Final Ruling on Enforcement suggests that the policy of voluntary compliance and complaint-based enforcement will continue. And, does $100 count as a "stiff fine"? --Smarcus 04:32, 22 May 2006 (UTC)

Implications for clinical care and research
I've added a section on the effects of HIPAA on research and clinical care, drawn in large part from the recently published article on the topic in Annals of Internal Medicine. I think it's important that the article attempt to address the milieu and consequences of HIPAA in addition to the excellent legislative summary which has already been put together on this page. Comments/thoughts? MastCell 19:31, 17 August 2006 (UTC)

Spam
This article is prone to spam/inappropriate external links advertising "HIPAA compliance" services, etc. While in some ways I think this underscores the point that HIPAA has been a boon to these kind of "consultants" without measurably improving privacy or clinical care, they need to go. I've added the "spam-prone" template to the article so we can be vigilant. MastCell 18:33, 11 September 2006 (UTC)

HIPAA and clinical research
Is there a plan to embed the US HIPAA and the EU privacy regulation into the information on clinical trials on Wikipedia (wikilinks, article contents)? Privacy regulations have a significant impact on how to deal with data from clinical research. Pvosta 07:51, 10 October 2006 (UTC)

Adding more information on EDI transaction sets
First of all I must admit I made a mistake in posintg an external link to an article that I wrote on HIPAA and EDI. At the time I didn't understand that this was not appropriate becuase I felt that the information in the article was vendor nuetral. In reviewing the guidelines and the content, I realize that the link was wasn't as vendor nuetral as required by Wikipedia. In the same session, I added amplification on the use of EDI in HIPAA. Specifically I added the following text:

At present, the Healthcare industry working through the process to define and implement sensible EDI standards for all flows of information in the industry for all participants. As you can imagine, the process is slow as there are so many interested parties and business processes in the industry to consider when defining the implementation of EDI. For a flavour of how the industry is doing, the following is a sample of the transaction sets that have been defined for implementation.

EDI Health Care Claim Transaction set (837) is used to submit health care claim billing information, encounter information, or both. It can be sent from providers of health care services to payers, either directly or via intermediary billers and claims clearinghouses. It can also be used to transmit health care claims and billing payment information between payers with different payment responsibilities where coordination of benefits is required or between payers and regulatory agencies to monitor the rendering, billing, and/or payment of health care services within a specific health care/insurance industry segment.

For example, a state mental heath agency, may mandate all healthcare claims, Providers and health plans who trade professional (medical) health care claims electronically must use the 837 Health Care Claim: Professional standard to send in claims. As there are many different business applications for the Health Care claim, there can be slight derivations to cover off claims involving unique claims such as for Institutions, Professionals, Chiropractors, and Dentists etc. EDI Health Care Claim Payment/Advice Transaction Set (835) can be used to make a payment, send an Explanation of Benefits (EOB) remittance advice, or make a payment and send an EOB remittance advice only from a health insurer to a health care provider either directly or via a financial institution.

EDI Benefit Enrolment and Maintenance Set (834) can be used by employers, unions, government agencies, associations or insurance agencies to enrol members to a payer. The payer is a healthcare organization that pays claims, administers insurance or benefit or product. Examples of payers include an insurance company, health care professional (HMO), preferred provider organization (PPO), government agency (Medicaid, Medicare etc.) on any organization that may be contracted by one of these former groups.

EDI Application Advice (824) this transaction set can be used to report the results of an application system's data content edits of transaction sets. The results of editing transaction sets can be reported at the functional group and transaction set level in either coded or free-form format. It is designed to accommodate the business need of reporting the acceptance/rejection or acceptance with change of any transaction set. The Application Advice should not be used in place of a transaction set designed as a specific response to another transaction set (e.g., purchase order acknowledgment sent in response to a purchase order.)

EDI Payroll Deducted and other group Premium Payment for Insurance Products (820) this transaction set can be used to make a premium payment for insurance products. It can be used to order a financial institution to make a payment to a payee.

EDI Health Care Eligibility/Benefit Inquiry (270) is used to inquire about the health care benefits and eligibility associated with a subscriber or dependant

EDI Health Care Eligibility/Benefit Response (271) is used to respond to a request inquire about the health care benefits and eligibility associated with a subscriber or dependant

EDI Health Care Claim Status Request (276) this transaction set can be used by a provider, recipient of health care products or services or their authorized agent to request the status of a health care claim.

EDI Health Care Claim Status Notification (277) This transaction set can be used by a health care payer or authorized agent to notify a provider, recipient or authorized agent regarding the status of a health care claim or encounter, or to request additional information from the provider regarding a health care claim or encounter. This transaction set is not intended to replace the Health Care Claim Payment/Advice Transaction Set (835) and therefore, is not used for account payment posting. The notification is at a summary or service line detail level. The notification may be solicited or unsolicited.

EDI Health Care Service Review Information (278) This transaction set can be used to transmit health care service information, such as subscriber, patient, demographic, diagnosis or treatment data for the purpose of request for review, certification, notification or reporting the outcome of a health care services review.

EDI Functional Acknowledgement Transaction Set (997) this transaction set can be used to define the control structures for a set of acknowledgments to indicate the results of the syntactical analysis of the electronically encoded documents. The encoded documents are the transaction sets, which are grouped in functional groups, used in defining transactions for business data interchange. This standard does not cover the semantic meaning of the information encoded in the transaction sets.

I believe that the information that I posted did not follow outside the guidelines of Wikipedia. The EDI documents and use of such documents is commonly understood in the EDI and HIPAA communities. The text does not provide any vendor information. It does not specify any "opinions" as it states the generally understood reason for HIPAA and EDI. If Wikipaedia is to be relevant, it must provide information that is relevant and explains the information to inform the user. Again as a newbie to Wikipedia I might not understand all of the information requirements but an explaination would be helpfulMike Cobban 23:59, 8 January 2007 (UTC)Mike Cobban


 * Before adding links to external sites, it's worth reviewing Wikipedia's policies on external links as well as advertising and spam. In general, sites with a commerical aspect to them as well as links to sites or articles you've written yourself are discouraged. MastCell 02:51, 9 January 2007 (UTC)

A simple request
I would like someone to insert the fact that there is no such thing as a 'HIPAA Certification', as this would likley immediately resolve 90% of user traffic to this page. —The preceding unsigned comment was added by 68.3.99.37 (talk) 01:50, 27 March 2007 (UTC).

Request for addition
Recently I put a short paragraph about HIPAA Validation, but it was removed as spam. Sorry if it was offtopic. I've created a separate article where I have put my knowledge about HIPAA Validation abilities and how this works. The article is available here: HIPAA Compliance Validation Services. If you consider that it worth to be placed in "See also" section or to the body of the article (I can provide corresponding paragraph for your consideration) that may be useful for the people. —The preceding unsigned comment was added by LokiThread (talk • contribs).


 * I think the concern is that the material is promotional in nature rather than encyclopedic. Moving it to another article doesn't fix that concern. MastCell Talk 16:50, 11 May 2007 (UTC)


 * From my point of view the article is quite helpful, I just wish the author can add more details about how the validation works and what is validated. This is very interesting for me, so I don't share your concern. This is a free encyclopedia and everybody can share his knowledge - it's up to the people to jusge, not to you solely, otherwise it becomes communism not democracy. JackDm 17:30, 11 May 2007 (UTC)


 * Wikipedia has guidelines on promotional material; it is not, in fact, an indiscriminate collection of information. I'm happy to ask the community's input on whether the page should be deleted. MastCell Talk 20:23, 11 May 2007 (UTC)

Parallelism grammer question
Under 'Effects on Research', it says "While such information is important, the addition of a lengthy, legalistic section on privacy may make these already complex documents even more user-unfriendly for patients who are asked to read and sign them." Should 'more user-unfriendly' be changed to 'less user-friendly'?

small changes
I made a few small changes to the formatting. If it's wrong (I'm new at this), please give me a heads up on my talk page. Thanks Swilk (talk) 15:16, 21 November 2007 (UTC)

Effects on small to medium practices
Virtually all written material on HIPAA centers around the effects on hospitals and research centers. Is there any interest in a section on the effects on smaller healthcare entities?

LLorton (talk) 12:36, 12 March 2008 (UTC)

I would like to see that too since they have to be HIPAA-compliant just like every large entity dealing with HIPAA areas.

Rayghost (talk) 18:06, 1 June 2008 (UTC)

It might be worth pointing out that a lot of private practices and community programs aren't a covered entity under HIPAA at all, since they aren't doing the type of electronic transmission that makes them a covered entity. Every provider is of course bound to ethics codes that include confidentiality standards, but this has been the case for decades and has nothing to do with the newish HIPAA. I'm frequently encountering colleagues who use "HIPAA" to mean "confidentiality" (or, worse, to mean "PHI," as in, "someone needs to shred that box because it has HIPAA in it") and have to explain to them that they aren't a covered entity (a lot of times they're doing something that doesn't involve insurance at all, like providing therapies in the public schools or something). Triangular (talk) 22:10, 8 January 2012 (UTC)

HITECH HHH and FTC rules are out
The section on the HITECH act is a bit dated—it says HHH and the FTC are taking comments with a view to issuing final regulations on August 17, 2009. The FTC has issued final regulations (see http://www.ftc.gov/os/2009/08/R911002hbn.pdf), and HHH issued interim final regulations (see http://edocket.access.gpo.gov/2009/pdf/E9-20169.pdf). I don't know enough about Wikipedia style to make these changes myself, but perhaps someone who is more comfortable with Wikipedia edits could update this section?

Zhym (talk) 16:11, 28 January 2010 (UTC)

Moving HITECH into its own page
Although a portion of the HITECH act is functionally an extension of HIPAA, it is still a subsection of the ARRA, and deals a lot with the appropriation of stimulus funds as incentives for adopting EHRs. I think HITECH fits better under ARRA than under HIPAA, but better yet in its own page.

Ismyrnow (talk) 03:25, 29 March 2010 (UTC)

link request
hello i am requesting a link to josh valdez as he played a role in ensuring this act came to pass. — Preceding unsigned comment added by CrownP (talk • contribs) 17:21, 12 October 2011 (UTC)
 * Unreferenced and non-notable. No thank you.  ~  Pesco  So say•we all 12:50, 19 October 2011 (UTC)

Request for more information
If a US citizen moves back to the US from a foreign country then attempting to get a certificat of creditable coverage from the foreign (perhaps nationalized) insurance is quite difficult, because US laws do not apply to them and because they don't know what the heck a certificate of creditable coverage is, and they may not even speak english. It would be helpful if someone who understands this would explain it in the article, because it is very hard to find clear instructions of what to tell a foreign insurer anywhere on the web. — Preceding unsigned comment added by 99.235.250.152 (talk) 13:30, 5 September 2013 (UTC)