HIPAA requirements for Electronic Transactions & Code Sets (TCS) final modifications to meet the extended deadline of October 16,2003, have been published and incorporated into the standards. HHS has designated CMS (Centers for Medicare & Medicaid Services) as the overseer for compliance. HIPAA implementation specifications can be downloaded free of charge from the Washington Publishing Company. Publications for Code Sets are in paper & electronic form & can be purchased from vendors such as the AMA, CMS and HHS.

HIPAA - Privacy

The Privacy compliance date of April 14, 2003 has come and gone, but how many covered entities are totally compliant? The HIPAA Privacy rule establishes standards to protect the confidentiality of individually identifiable health information maintained or transmitted electronically in connection with certain administrative & financial transactions. The rule provides new rights for individuals with respect to protected health information about them & mandates the obligations of health care providers, health plans, & health care clearinghouses. Know the Rules! Make sure you understand what level of compliance is necessary for your organization. The Office for Civil Rights (OCR), a department within HHS has been designated as the overseer for compliance with the Privacy Rules.

HIPAA - Security

The final security rule adopts standards for the security of electronic protected health information that is collected, maintained, used or transmitted electronically. These standards require measures to be taken to secure this information while in the custody of entities covered by HIPAA (covered entities) as well as in transit between covered entities and from covered entities to others. The Electronic Signature section of the proposed rule will be published in its final state at a later date and is excluded from the final security rules. The final security rules will reside in subchapter C of title 45, consisting of parts 160, 162, and 164. Subpart A of part 160 contains the general pro- visions applicable to all the Administrative Simplification rules. Part 162 contains the Electronic Transaction and Code Sets and will contain the identifier standards. Part 164 contains the standards relating to Privacy and Security. The Center for Medicare and Medicaid Services (CMS) has been designated as the responsible agency for overseeing compliance and complaints related to the security final rules. The Compliance Date for Security is April 21, 2005 (small health plans April 21, 2006).

HIPAA - National Identifiers

The National Provider Identifier (NPI) will be published in July 2003, according to the May 27, 2003 agenda become final in 2002. The NPI is proposed as an 8 position announcement in the Federal Register. No hint as yet as to the content or enumeration process.