英语论文网

I. General Background A. Legislation The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines a process to achieve uniform national health data standards and health information privacy in the United States. Enacted with the widespread support of the industry and bipartisan support in the Congress, the law requires that the Secretary of Health and Human Services (HHS) adopt standards to support the electronic exchange of a variety of administrative and financial health care transactions. All health plans, health care clearinghouses, and those health care providers who elect to conduct the specified transactions electronically are required to comply with the standards within 2 years of their adoption, except that small health plans are required to comply within 3 years. Among these standards are: Certain uniform transactions and data elements for health claims and equivalent encounter information, claims attachments, health care payment and remittance advice, health plan enrollment and disenrollment, health plan eligibility, health plan premium payments, first report of injury, health claim status, referral certification and authorization, and for coordination of benefits. Unique identifiers for individuals, employers, health plans, and health care providers for use in the health care system. Code sets and classification systems for the data elements of the transactions identified. Security standards for health information. Standards for procedures for the electronic transmission and authentication of signatures with respect to the transactions identified. Privacy and confidentiality protections for health information play a prominent role in the law as well. The Secretary is required to adopt security standards to safeguard health information, during transmission and while stored in health information systems, to ensure the integrity of the information, and to protect against unauthorized uses and disclosures. Further, the law requires the Secretary to make detailed recommendations to the Congress for protection of individually identifiable health information. These recommendations were delivered to the Congress on September 11, 1997. If the Congress does not enact legislation for health record privacy by August 21, 1999, the law requires the Secretary to issue regulations to protect the privacy of individually identifiable health information transmitted in standard transactions. These regulations must be finalized by February 21, 2000. The law also specifies steep penalties for misuse of a health identifier and for wrongfully obtaining or disclosing individually identifiable health information. The penalties, which increase by type of offense, can be as much as $250,000 and 10 years in prison. More serious offenses are defined as those committed under false pretenses or those committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm. HHS formed five implementation teams to identify and