HIPAA Series Part III of III: HIPAA and the Delivery of Healthcare

The Part I installment, published in the February 2013 issue of HC Topics, provided an in-depth discussion of the historical underpinnings and foundation of the current HIPAA regulation.1 Last month’s Part II installment focused on the latest amendment to the HIPAA legislation, which significantly altered previously published requirements affecting business associates and their subcontractors.2 This third and final installment considers HIPAA regulation and significance within the context of the current healthcare marketplace.

Although HIPAA was first established in 1996, healthcare providers and consumers may still misinterpret the application of the law in current patient care settings.3 Within the context of an ever-changing healthcare environment, most notably with regard to the implementation of electronic medical records and efforts to facilitate a more integrated system of care, the recent updates to HIPAA regulations and enhanced scrutiny of healthcare patient privacy practices may pose a continued compliance challenge for providers.

As the healthcare industry continues to transition from paper-based information management to electronic transactions and data management, in addition to the ICD-10 transition scheduled for October 2013, the current version of the HIPAA standards that regulate the transmission of specific health care information (Version 4010/4010A1) will be updated to ASC X12 Version 5010.4 HIPAA Version 5010 will include updated technical, structural, and data content requirements; transactional business standardization; data transmission specifications; and delineation of various patient codes to accommodate the increased complexity and changes to medical care, billing, and reimbursement.5 The transition to HIPAA Version 5010 will likely affect many healthcare industry stakeholders, including providers, health plans, healthcare clearinghouses, and business associates that participate in electronic transactions, all of which will also be affected by the new regulations governing business associates and subcontractors, as discussed in last month’s issue of HC Topics, HIPAA Series Part II.6

While implementing advancements in electronic healthcare data management in an effort to increase quality of care and lower healthcare costs, healthcare providers must also contend with challenges related to enhanced HIPAA regulations. As the methods and frequency of communication between providers (e.g., communication between outpatient and inpatient settings, or among differing specialties and organizations) become more integrated, the inherent risk of HIPAA violation may also increase. To avoid the potential for non-compliance, healthcare systems and providers should consider introducing safeguards and oversight policies regarding communication processes to ensure consistent compliance, as well as to identify and correct potential deficiencies or areas of concern.

Providers and stakeholders in the healthcare arena must also consider the updated HIPAA regulations with regard to existing laws that govern and protect patient health information (PHI), such as the Red Flag Rules, the HITECH Act, and the Patient Safety and Quality Improvement Act. The Red Flag Rules, implemented on November 1, 2009 by the Federal Trade Commission, require healthcare providers to enforce written policies to identify and prevent identity theft, including PHI beyond that required by HIPAA, e.g., credit card numbers, tax identification numbers, business identification numbers, and employer identification numbers.7

One of the most significant amendments to HIPAA was implemented under the Health Information Technology for Economic and Clinical Health (HITECH) Act, a portion of the American Recovery and Reinvestment Act of 2009 (ARRA), signed into law February 17, 2009. The HITECH Act provides incentives and penalties associated with the adoption of electronic health records (EHR), including electronic prescribing; information exchange between systems; and qualitative reporting, among other metrics.8 Providers that aligned practices with many of the provisions in the original HITECH Act likely have fewer changes to implement prior to the September 23, 2013 compliance deadline for covered entities under the updated HIPAA provisions.9

In addition to the Red Flag Rules and HITECH Act, the updated HIPAA regulations must be considered in relation to the Patient Safety and Quality Improvement Act of 2005 (PSQIA), which delineates guidelines and penalties for the protection and sharing of patient information related to patient safety events and quality improvement.10 Providers should note that, although the information covered by the PSQIA may include PHI also covered under HIPAA, dual penalties cannot be levied under both regulations.11

As PHI data transmission and management transition alongside healthcare delivery integration and electronic system implementation, healthcare providers, including covered entities, business associates, and subcontractors as defined by the latest amendment published on January 25, 2013, must remain compliant with current HIPAA regulations. Additionally, providers must be aware of HIPAA requirements relative to additional healthcare regulation regarding the use, transmission, and management of PHI and other patient information. The most recent amendment to HIPAA regulations will likely have significant effects on various healthcare industry stakeholders, though the enforcement and scrutiny of provider compliance has not been extensively considered to date, with the ultimate impact of the new rules remaining to be seen post-implementation in 2013 and 2014.


1. “HIPAA Series Part I: History and Overview of HIPAA Legislation,” Health Capital Topics Newsletter, Vol. 6, No. 2, February 2013.

2. “HIPAA Series Part II: Effect on Business Associates,” Health Capital Topics Newsletter, Vol. 6, No. 3, March 2013.

3. “A Privacy Law Often Misinterpreted,” by Paula Span, The New York Times, March 27, 2013, http://newoldage.blogs.nytimes.com/2013/03/27/a-privacy-law-often-misinterpreted/ (Accessed April 7, 2013).

4. “New Health Care Electronic Transactions Standards: Versions 5010, D.0, and 3.0,” Centers for Medicare & Medicaid Services, January 2010, http://www.cms.gov/ICD10/Downloads/w5010 BasicsFctSht.pdf (Accessed 11/29/11).

5. “Is Your Practice Ready for Version 5010,” MGMA Connexion Supplement, October 2011, p. 9.

6. “HIPAA Series Part II: Effect on Business Associates,” Health Capital Topics Newsletter, Vol. 6, No. 3, March 2013.

7. “Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003; Final Rule,” Federal Register, Vol. 72, No. 217, November 9, 2007, p. 63718, 63723.

8. “American Recovery and Reinvestment Act of 2009,” 111th Congress, 1st Session, January 6, 2009, Section 13001.

9. “New HIPAA/HITECH Rules Implementation Roadmap: Countdown Begins to September 23, 2013 Compliance Deadline,” by Boris Segalis, Information Law Group, March 31, 2013, http://www.infolawgroup.com/2013/03/articles/hipaa/hipaahitechrules/ (Accessed April 9, 2013).

10. “Patient Safety and Quality Improvement,” U.S. Department of Health and Human Services, Federal Register, Vol. 73, No. 226, November 21, 2008, p. 70732.

11. “Health Information Privacy: Delegation of Authority,” U.S. Department of Health and Human Services, http://www.hhs.gov/ocr/privacy/psa/understanding/delegationofauthority.html (Accessed April 11, 2013).
