Confidentiality, Privacy and Security

HIPAA question

  • 1.  HIPAA question

    Posted 09-08-2018 03:27
    Sorry, couldn't think of a less broad title to ask this. But something that has had me wondering for a while.

    Excluding ethics, or other laws, If a provider​/facility does not accept insurance/medihealth (cash only, for instance) does that mean that HIPAA's privacy laws don't apply?

    Are there other laws that would apply in that case, if so?

    aside: Also, a mistype in a conversation with a friend autocorrect turned HIPAA into hippo... seems fitting...and good for a chuckle

    Cody Todd
    Health Info Svs Specialist
    Mercy Hospital Springfield

  • 2.  RE: HIPAA question

    Posted 09-11-2018 13:32
    Hello, Todd:

    HIPAA only applies to covered entities.  A provider or facility would be considered a covered entity if they engaged in covered electronic transactions.

    As far as other laws that would apply to privacy and security of health information, it would depend on the type of facility/provider and the presence of any state laws that apply to the provider/facility.  These laws typically do not differentiate between providers who are cash only or who accept insurance.  There may be specific laws related to health information as it relates to any state funded healthcare plan.

    Does this help?

    Dorinda Sattler, MJ RHIA,CHPS,CPHRM
    Clinical Asst. Professor, Program Dir. HIT
    Indiana University Northwest

  • 3.  RE: HIPAA question

    Posted 09-12-2018 13:22
    I found this article that was helpful...

     Is Your Cash Based Practice a "Covered Entity?"

    Transactions are electronic exchanges involving the transfer of information between two parties for specific purposes. For example, a health care provider will send a claim to a health plan to request payment for medical services. In the HIPAA regulations, the Secretary of Health and Human Services (HHS) adopted certain standard transactions for Electronic Data Interchange (EDI) of health care data. These transactions are:

    • claims and encounter information
    • payment and remittance advice
    • claims status
    • eligibility
    • enrollment and disenrollment
    • requests to obtain referral certifications and authorizations
    • coordination of benefits
    • premium payment

    Under HIPAA, if a covered entity conducts one of the adopted transactions electronically, they must use the adopted standard.

    Jennifer Hoffman
    Health Information Manager

  • 4.  RE: HIPAA question

    Posted 09-13-2018 22:45

    Thank you for your replies. And, I will admit, I find myself now a little concerned about going to a cash-only clinic. The more you know.

    Cody Todd
    Health Info Svs Specialist
    Mercy Hospital Springfield