U.S. Department of Health and Human Services
Indian Health Service: The Federal Health Program for American Indians and Alaska Natives
A - Z Index:
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
#
picture of Family holding hands
 HIPAA – Health Insurance Portability and Accountability Act title
  
Home
line
HIPAA Coordinators
line
HIPAA Training
box Learn, Train & Protect
box About HIPAA
   Regulations
box Training Information
line
HIPAA 835 & 837 Training
line
Privacy Standards
line
Transactions and Code Sets Standards
line
Security Standards
line
Identifiers Standards
line
line
Forms, Policies & Procedures
line
Helpful Links
line
HIPAA FAQ
line
Resources for I H S Management
line
Questions or Comments. Please contact the Site Manager.


Welcome

Hot Topics:

  • July 2011 Updated IHS HIPAA Coordinators: This links to the current IHS HIPAA Coordinators who are responsible for their respective Area in all aspects of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13402).

    June 24, 2010
    The IHS HIPAA Forms are approved by OMB w/expiration date 1/31/2013 and 508 compliant. These forms are now located on the left side of this page under the “Forms, Policies & Procedures” Section. Just click on this link and under IHS HIPAA Forms, click on the URL link.

  • June 24, 2010
    This new link to the IHS Office of Information Technology – Division of Information Security contains useful security information for usage by Privacy staff responsible for the protection of health information that is collected or maintained by or on behalf of the Agency. Please click on this IHS Information Security link to access various operating procedures.

  • February 17, 2010
    OCR has implemented important privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act through notice and comment rulemaking, as required by the Administrative Procedure Act. These provisions include: business associate liability; new limitations on the sale of protected health information, marketing, and fundraising communications; and stronger individual rights to access electronic medical records and restrict the disclosure of certain information. Although the effective date (February 17, 2010) for many of these HITECH Act provisions has passed, the NPRM and the final rule that follows will provide specific information regarding the expected date of compliance and enforcement of these new requirements. IHS has posted the new Business Associate Agreement that contains the HITECH Act provisions and the IHS Business Associate Agreement Questions and Answers Checklist. Please click on the Privacy Standards Link to access the IHS Business Associate Agreement.

  • View the current IHS electronic Transaction Testing and RPMS for meeting HIPAA Electronic Transactions and Code Sets standards. Included with the status report are instructions for adding HIPAA required provider and location taxonomy codes to RPMS along with the RPMS Provider Taxonomy Cross-Walk Table.

  • A HIPAA Compliance Packet is provided to assist Area and site level programs in meeting HIPAA Transactions and Code Sets standards.

  • Minutes of conference calls addressing this issue are included as a reference for people who were not able to be on a call.

  • IHS NOTICE OF PRIVACY PRACTICES (2007) COLORIZED PAMPHLET [PDF-561KB]
    This links to the current colorized pamphlet IHS Notice of Privacy Practices (September 14, 2007) that was developed by the IHS HIPAA Privacy Compliance workgroup consisting of lawyers, health information management consultants and the IHS Privacy Act/HIPAA Privacy Officer.

  • OCR HIPAA COMPLAINT FORM & INSTRUCTIONS [PDF-71KB]
    This links to the HHS-Office for Civil Rights(OCR)-HIPAA Complaint Form, Instructions to where to file your complaint at the OCR Regional Office.   It is your option to file your complaint directly with the IHS facility where you were treated BUT you may follow the link above to file your complaint directly with Secretary, U.S. Health and Human Services.  Each IHS Area Office should have additional HIPAA Privacy information.

  • IHS HIPAA Compliant Forms/Policies and Procedures
    This links to the HIPAA Policy and Procedure Manual used by the IHS and the forms needed for procedures that require them. These were developed by a workgroup consisting of lawyers, health records personnel and privacy act officers. The Policy and Procedures were updated in September 2007 to be compliant with changes in the HIPAA regulations.

  • APRIL 15, 2005
    The Centers for Medicare and Medicaid Services has awarded Fox Systems, Inc. of Scottsdale Arizona, a five year contract to serve as the National Provider Identifier enumerator contractor.

    Fox Systems will process applications from healthcare providers and assign national standard provider identification numbers in accordance with HIPAA.

    At the time CMS is ready to accept applications for an NPI, health care providers can begin to apply. The NPI must be used on standard transactions with health plans, other than small health plans, no later than May 23, 2007. Providers should not begin using the NPI until health plans have issued specific instructions on accepting NPI on or before May 23, 2007.

    May 23, 2005 was the original date that providers could start applying for an NPI. As of April 5, 2005, CMS has not announced how this process will take place. CMS will announce information about how to contact Fox regarding the NPI as the NPI implementation date approaches.

Introduction
As passed by the United States Congress, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) will institute administrative reforms that will be phased in over the period 2000-2003. Of major importance in the HIPAA legislation is the issue of data and transaction standardization-a mandate very few healthcare providers can sidestep if they bill third parties for services provided to patients. The law also changes the way health care providers have to protect the privacy of a patient's health information and contains security procedures that must be followed to protect the integrity of a patient's health information.

HIPAA Project Team
Dr. Bob Harry, the Office of the Director IHS, is the national IHS HIPAA coordinator. To carry out his responsibilities, Dr. Harry has formed a multidisciplinary Team. This team will work with Dr. Harry to provide leadership and coordination of all efforts as IHS healthcare programs work to become HIPAA compliant.

The strategic plan developed by the headquarters HIPAA team calls for them to interpret the regulations and develop national policies needed to comply with them. The team will cooperate with regional and national I/T/U programs and provide them with related information and materials as they are developed for HIPAA compliance. Through the HQ HIPAA Team, Dr. Harry will monitor the progress of the HIPAA compliance effort by I/T/U programs.

It is expected that the IHS Area Offices will develop Area HIPAA compliance plans that will include policy development needed to achieve HIPAA compliance at the Area level. Also, the Area Offices will work with the local I/T/U programs in helping them become HIPAA compliant.

HIPAA Background
The Health Insurance Portability and Accountability Act (HIPAA) is also known as the Kennedy-Kassebaum bill. It was first proposed with the simple objective to assure health insurance coverage after leaving a job. Congress added an Administrative Simplification section to the bill (see the Department of Health and Human Services Administrative Simplification Web site Exit Disclaimer – You Are Leaving www.ihs.gov for more information).

The goal of the Administrative Simplification section of the bill was to save money. It was requested and supported by the health care industry because it standardized electronic transactions and required standard record formats, code sets, and identifiers.

The impact of Electronic Standardization, however, was that it increased risk to security and privacy of individually identifiable health information. After Congress did not provide legislation defining the privacy and security requirements of HIPAA, the Department of Health and Human Services (DHHS) was required to provide them.

There are currently four proposed or final rules from DHHS for HIPAA:

  1. Transaction and Code Set standards (Final)
  2. Privacy standard (Final)
  3. Security standard (Final)
  4. Identifier standards (Proposed)

This website may require you to download plug-ins to view all content.

usa.gov link   Accessibility · Disclaimer · FAQs · Website Privacy Policy · Plain Writing Act · Freedom of Information Act · HIPAA · No Fear · Glossary · Contact

Indian Health Service (HQ) - The Reyes Building, 801 Thompson Avenue, Ste. 400 - Rockville, MD 20852