Regulatory Affairs

Helpful HIPAA Links

• Department of Health and Human Services (DHHS)
• DHHS, Office of Civil Rights (OCR)
• DHHS，Medicare＆Medicaid服务中心（CMS）187金宝搏beat亚洲体育
• DHHS：健康信息隐私
• Designated Standard Maintenance Organization (DSMO)
• Workgroup for Electronic Data Interchange (WEDI)

HIPAA概述

健康保险便携性和问责法（HIPAA）是为了满足三个目标：

1. 提供持续覆盖就业差距（可移植性）之间的利益，
2. 减少医疗保健欺诈（问责制），和
3. 减少医疗保健行业的管理费用（行政简化）。

一个dministrative Simplification began as President George Bush, Sr. assembled a group of healthcare industry leaders to discuss the reduction of healthcare administration costs; increased electronic data interchange (EDI) was the overwhelming answer. Faced with resistance in Congress, the Act only passed with extensive industry support.

The Department of Health and Human Services (DHHS) defines the purposes of the Administrative Simplification rule thusly:

1. 通过提供对其健康信息的访问并控制不恰当的信息来保护和提升消费者的权利;
2. To improve the quality of healthcare in the U.S. by restoring trust in the healthcare system among consumers, healthcare professionals, and the multitude of organizations and individuals committed to the delivery of care; and
3. 通过为国家，卫生系统和个人组织和个人建立努力，提高医疗保健框架的效率和有效性。

[65 Fed. Reg. 82463 (December 28, 2000)]

行政简化的三个主要要素

The Standards for Electronic Transactions and Code Sets

The cost of administration in the healthcare industry is very high. Providers, insurers, health plans, and others have utilized many different electronic data formats and transmission requirements. This complex web of data interchange has resulted in delays, confusing rejections, bureaucratic authorization processes, and low levels of remittance. The creation of national conformance standards covering the most routine electronic transmissions has the potential of reducing the resources – financial, time, and human – necessary to do business in the healthcare industry, as well as enhance the effectiveness of the intended transactions. The Standards for Electronic Transactions regulation has established mandatory transaction and coding requirements for defined electronic transactions. Providers are able to submit standard transactions to health plans and payers that have to accept them. Hence, electronic data interchange enables healthcare facilities to pursue the most effective and efficient use of modern information technology in the administration of their organizations.

国会还认识到现代信息技术的力量。不断推进的技术使得能够以任何所需的格式或结构集合和聚合大量数据;将这些数据进行排序，过滤和分析的无穷无尽的排列;并且瞬间广泛分布原始数据或分析结果 - 所有都没有重要人类思想。因此，保护​​患者健康信息隐私和安全性的需要毫无疑问。

The Security and Electronic Signature Standard (“Security”) and the Privacy of Individually Identifiable Health Information Standard (“Privacy”) comprise a team of regulations intended to protect patient health information. Privacy defines the permissible means of access, use, and disclosure of the applicable patient information, while Security governs the operational, physical, and technical mechanisms necessary to protect this information.

隐私权标准可单独识别的健康信息

隐私规则旨在防止对患者兴趣的不合理犯罪限制不必要的知识或传播提供或积累的个人信息，以协助诊断或治疗。具体要求将个人患者信息的访问，使用或披露给合法地参与患者治疗的人，医疗机构所需的经营以及用于治疗的计费。

Security and Electronic Signature Standards

The Security rule is intended to ensure that organizations that hold personal patient information provide operational, physical, and technical protections to support privacy restrictions. That is, the organization must create a comprehensive system of operational, physical, and technical protections to prevent unintended access, use, and disclosure of protected information. Security refers to protections at three levels:

• 保密 - 保护来自未经授权的使用，访问或披露的委托信息;

• 完整性 - 保存信息的特定性质，性格和内容;和

• 一个vailability – Ability to access, use, or disclose information as intended in an effective and efficient time, place, and manner.