HIPAAssociates provides this page as a service to the small, self-insured health plan community. There is a variety of resources available on the Internet, and some of the most relevant are listed below. We will be updating this page periodically to provide additional resources, and welcome suggestions.
Wondering if you qualify as a 'small health plan'? Here is the guidance released by CMS.
First of all, you should check our Privacy pages for the most up to date information on HIPAA Privacy.
Occassionally, HHS releases guidance documents which explain HIPAA basics and provide answers to frequently asked questions.
- Business Associates Guidance
- Government Access Guidance
- Marketing Guidance
- Misc FAQs
- Notice of Privacy Practices Guidance
- Parents and Minors Guidance
- Privacy Guidance July 6 2001
- Privacy Guidance December 4 2002
- Public Health Guidance
- Research Guidance
- Worker's Compensation Guidance
First of all, you should check our Transactions pages for the most up to date information on HIPAA Transactions and Code Sets.
Questions for your vendor
If you haven’t been in touch with your vendors, it’s time to do so – don’t wait for them to contact you, and don’t assume that they are as knowledgeable about HIPAA Transactions requirements as they need to be. Ask them specific questions about what they are doing, such as:
1. What HIPAA transactions does your product support?
2. What software updates are needed?
3. What hardware upgrades are required?
4. Are the software updates incremental? (for example, if you only do claims, will you end up paying for more than you need)
5. Do you have a process for cross-walking local codes to approved codes?
6. Do you provide training and support?
Here is a document with a full list of questions for your vendors, TPAs (Third party administrators) and clearinghouses.
Many health plans feel ‘locked-in’ because they purchased software and/or upgrades, and are not aware of what other vendors are available. Here is a list of vendors.
Questions you may have
1. What are the benefits of electronic transactions?
There are three main benefits – it reduces errors, speeds up the claim submission and remittance process, and reduces administrative costs of handling claims and correcting errors in submissions.
2. If I do some claims electronically, do I have to convert all of my paper transactions?
No. Providers can continue to submit paper claims – but if you are already doing some transactions electronically, you should consider converting to all electronic – you’ve already made the investment, and you should take advantage of the benefits offered by electronic transactions.
3. Why should I be concerned – isn’t this my vendor’s problem?
Your vendor may or may not be a covered entity – it depends on whether they fit the definition of a clearinghouse, and process transactions. You are the main covered entity, and are held accountable for compliance.
4. If my vendor presents me with a large upgrade bill for my software, what are my options?
See the section on Options, and Questions for your Vendor.
5. What are the penalties if I don’t comply?
Penalties for non-compliance are $100 per transaction, limited to a maximum of $25,000 per year per health plan.
Did you know that…
• Health plans must not only convert to electronic transactions for existing electronic transactions, they must also be ready to conduct electronic transactions when requested to do so.
• Health plans cannot force providers to conduct electronic transactions? If providers elect to remain ‘all paper’, you must continue to support handling their claims.
• If you are already doing claims electronically, you can take advantage of some of the other transactions – for example, checking eligibility, or doing a claim status inquiry, instead of doing this over the phone or fax.
• Health plans have a number of other requirements they have to comply with, such as the prompt payment rule (must pay or respond to claims within a certain period of time; in addition, many states have enacted prompt pay legislation)
What should I be doing now?
Here is a checklist of the activities required for compliance with HIPAA Transactions and Code Sets. Document what you have done, are doing, or use the checklist to determine what you need to do.
We are compiling a list of resources to help health plans tackle Security requirements. For now, please check our Security pages for the most up to date information on HIPAA Security.