HIPAA COMPLIANCE
WHAT YOU NEED TO KNOW ABOUT “HIPAA”.
12/4/2011 1
WHAT IS HIPAA?
• Health Insurance Portability & Accountability Act of 1996 (Federal Law).
• New rules to safeguard employees’ Protected Health Information (PHI).
• Mandates the development of national standards and requirements to enable the electronic exchange of certain PHI.
EXAMPLES OF PHI
• Explanation of Benefits (EOB)
• Doctor’s Certification
• Copies of anything pertaining to hospital and medical benefits; medical, dental, reimbursement accounts and vision.
Who must comply with HIPAA?
• “Covered Entities” – organizations bound by the privacy standards were required to comply by April 14, 2003.
– A Health Plan.
– A Health care clearinghouse.
– A Health care provider who transmits any health information in electronic form. Examples: medical, dental & flexible spending accounts (health care reimbursement)
How do we comply with HIPAA?
• The privacy rule requires covered entities to make reasonable efforts to limit use and disclosure of PHI to the fewest people necessary.
• ONLY the information obtained or created by MDC’s health plan will be regulated by the HIPAA requirements.
• PHI specifically excludes “employment records.”
What is our Role with HIPAA?
• Treat PHI as Private and Confidential.
• Do not transmit or communicate such PHI to anyone other than the employee, unless we have the employee’s written permission to do so.
• When responding to an email containing PHI, Do Not copy anyone.
• Follow a few simple procedures to ensure compliance with the new rule.
The College’s Role with HIPAA
• The College’s…
– practice is to treat employees’ personal information with confidentiality.
– Policy II-81A was established to ensure that MDC complies with HIPAA regulations. www.MDC.edu/policy/Chapter2/02-II-81A.pdf
– systems do not access, use or disclose Protected Health Information [PHI].
To Whom should PHI requests be referred?
• Requests from the employee for their own PHI – refer to Cigna
• Requests for PHI from other than the person who is the subject of information – refer to Cigna
• If unsuccessful with Cigna – refer to Janik Collin, Benefits Dept. for assistance with claims. Fax requests & authorization to (305) 237-0322 or email jcollin@mdc.edu
Summary
• HIPAA is a Federal law that protects employees’ health information.
• MDC only contracts with providers that comply with HIPAA regulations.