HIPAA and
the
Washington State Department of Health
The U.S. Department of Health and Human Services (HHS) has issued several
rules to implement the requirements of the Health Insurance Portability
and Accountability Act of 1996 ("HIPAA"). Organizations subject
to HIPAA are called
covered entities and must comply with all finalized HIPAA rules.
Rules
Four rules are now final and have the following compliance dates:
Technical Assistance and Enforcement for
Privacy Rules
The U.S. Department
of Health and Human Services is responsible for HIPAA implementation
and enforcement. The Office for Civil Rights (OCR) within HHS is responsible
for the Privacy Rule. The OCR Website
provides technical assistance.
The Center for Medicare
Services (CMS) within HHS is responsible for the standards related to
transactions and code sets, security, and identifiers for providers,
insurers and employers.
The
CMS website provides technical assistance.
Also, see the Helpful
HIPAA Links page at this site for additional hotlinks.
Although the Department
of Health provides technical assistance and support affecting healthcare
organizations or practitioners regarding other federal programs, DOH
has no unique relationship to OCR or CMS in terms of HIPAA. As a result,
DOH is not in a position to provide technical assistance in the interpretation
or implementation of HIPAA regulations. We are sharing our interpretations
and decisions as a covered entity, operating our healthcare component;
and as a Public Health Authority, with partners who are covered entities.
DOH and HIPAA -
Internal Impact
The Department of
Health is a HIPAA "Hybrid" Covered Entity. Only the Metabolic
Treatment Product Program (MTPP) in Newborn Screening must comply with
HIPAA. The MTPP distributes metabolic treatment products (supplies)
and bills health plans electronically, thus meeting the definition of
a provider.
Compliance Responsibilities
for DOH and the Healthcare Component
Agency Responsibilities
- Policies and
Procedures
- Privacy Complaint
Process
- Providing Privacy
Notice
- Sanctions Process
Healthcare
Component (MTPP)
Responsibilities
- Accounting for
PHI disclosures
- Assess PHI Uses
and Disclosures
- Business Associate
Agreements
- Employee Training
- Safeguards for
PHI
External Impact
of HIPAA
The Department of
Health recognizes that HIPAA impacts many of our healthcare partners
and colleagues. In an effort to answer how DOH will continue to interact
with its covered entity partners, we have prepared separate Web pages
regarding sharing information and
business associates.
|
