In 1996, a major legislative act was passed affecting health care administration called the Health Insurance Portability & Accountability Act or HIPAA. Whenever the legislature writes new laws it's up to the rest of society to understand the legal jargon and find how what the new law is all about. That's the aim of this article- to help simplify and state the main concepts of HIPAA.

There are two main parts to HIPAA that need to be understood.

• The first part of HIPAA amended the Internal Revenue Service Code of 1986.

• The second part is directed at streamlining and standardizing some of the administrative aspects of health care administration and information systems.

The second role of HIPAA is what will be focused and discussed as this is the part which mostly affects health care providers. Again the purpose of HIPAA was to simplify health care administration. There are deadlines for compliance; HIPAA does provide penalties and legal action for noncompliance. There are four parts to HIPAA:

• Standards for Electronic Transactions

• Unique Identifiers Standards

• Security Rule

• Privacy Rule

Before HIPAA there really wasn't much standardization among health care providers regarding filing claims and identification. This created a lot of problems, headaches and extra work. HIPAA aims at saving time and making the process more efficient. It affects how health care providers file and process claims and conduct other business electronically. HIPAA also makes provisions for how health care providers are identified. There was no standardized way of identifying health care providers in: (1) being identified to Medicare and other government health organizations and (2) in being identified with other health care providers. The security and privacy rules were created to ensure secure transmission of electronic data and to protect individuals' personal medical information.

Many health care providers use electronic means for filing, billing and claim work. There has yet to be any adopted standards for this, with each individual provider using whichever forms they like. This led to complications in filing claims with Medicare and in transferring information from provider to provider. HIPAA has changed that though making electronic filing forms standardized. When filing electronic claims or when sending an electronic medical record providers will now be using the same forms. Medicare will require that all providers use the same form when filing an electronic claim with them. Providers who do not file or process claims electronically will not be affected by HIPAA. Also a standardized set of codes must be used on records in relation to physical conditions, diseases, health, etc. Most providers and institutions already use this practice. There will be enforcement of compliance; HIPAA has set deadlines for when providers must be using the approved forms.

Also new with HIPAA is how providers will be identified. Health care providers, doctors, hospitals and health plans are required to have a unique identifier and current they are using either tax-id numbers or employer identification number.

The security and privacy rules contain provisions to ensure that people's personal records and information will be protected and kept confidential. Along with all other privacy laws there will be penalties for non compliance, HIPAA provides for fines up to $250,000 and possible jail time for severe enough violations. But don't be worried about too many places avoiding compliance, HIPAA was created to make the massive process of health care administration easier.