This article defines HIPAA and includes some of the requirements to be compliant with federal regulations. It also briefly talks about proposed legislation for private health information as it pertains to prior authorization.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop rules that would protect the privacy and security of health information. HHS then created the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule consists of standards to protect health information, whereas the Security Rule establishes security standards for electronic health information. Together, these rules address technical and non-technical safeguards to protect patient health information.
The Office for Civil Rights (OCR) enforces both rules through voluntary compliance activities and civil money penalties.
The Security Rule…
Security Rule Safeguards (generally)
The Privacy Rule…
Learn more in this Privacy Rule Summary and on OCR's Enforcement Rule page. See “HIPAA FAQs for Professionals” for frequently asked questions by category.
Proposed Rule by HHS on January 24, 2022
Summary: HHS is seeking input from the public about electronic prior authorization standards, implementation specifications and more.
Specifically, the proposed rule mandates that HHS clarify requirements under HIPAA for electronic prior authorizations. According to the Federal Register website, HHS has only adopted operating rules for three HIPAA transactions: “eligibility for a health plan, healthcare claim status, healthcare electronic funds transfers (EFT) and remittance advice.”
The comment period ended in March 2022, so findings should be published soon.
New HIPAA guidance for prior authorization would issue a PHI standard for prior authorization across the board, helping to ensure security for patients in need of prior authorization.
Prior authorization has become a giant part of healthcare. On average, practices work on 41 prior authorizations per week. In fact, prior authorization is such a massive undertaking that approximately 40% of physicians have staff who work exclusively on prior authorizations.
The legislation, "Request for Information: Electronic Prior Authorization Standards, Implementation Specifications, and Certification Criteria," discusses possible solutions to the burden of prior authorization (and not just on the HIPAA front). Back in 2019, the Health Information Technology Advisory Committee (HITAC) identified a "need for standards to support the integration of prior authorization into all applicable EHR-based ordering workflows."
HITAC recommended that standards be established for prior authorization workflows.
Learn more about this proposed legislation here.