Q: What is the purpose of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)?

A: The primary purposes of HIPAA are to:

• Provide better access to health insurance.
• Limit fraud and abuse.
• Reduce administrative costs through specific administrative-simplification provisions. These provisions apply to a wide variety of issues involving electronically transmitted health information.

 back to top

Q: To whom does the legislation apply?

A: HIPAA touches virtually all healthcare organizations, requiring them to reassess their computer systems and internal procedures for compliance. Although health plans, clearinghouses, and healthcare providers that conduct electronic transactions are explicitly covered by HIPAA, the reach of the legislation extends to business associates acting on behalf of those covered entities as well. This includes billing services, vendors, application service providers, third-party administrators, and many other organizations that assist the covered entities in performing their essential functions.

Of particular importance are HIPAA's administrative-simplification provisions, which require covered entities to adopt national standards for electronic transactions. HIPAA also requires that security and privacy standards be adopted in order to protect personal health information.

Q: Why does the government want to standardize formats in which healthcare data are transmitted?

A: National standards for electronic healthcare transactions are expected to stimulate the development of e-commerce in the healthcare industry, simplify transactions and reduce administrative costs. Healthcare organizations that conduct electronic transactions now use many formats for such transactions. For example, more than 400 formats are used in claims processing alone.

Q: When does HIPAA go into effect?

A: HIPAA standards finalized by the Department of Health and Human Services (DHHS) are those governing electronic transaction and code sets and the privacy of individually identifiable health information. HIPAA standards regarding security of healthcare information remain in proposed form.

Dates for compliance are:

• Electronic transaction and code sets, including EDI: Oct. 16, 2003
  Congress recently extended the original compliance date (Oct. 16, 2002) by one year if healthcare organizations submit a summary to federal officials explaining how they will use the extra year to reach compliance. If a summary is not submitted, organizations must still comply by the original Oct. 16, 2002, deadline.
• Privacy of individually identifiable health information: April 14, 2003
• Security of healthcare information: TBD after the security rules are finalized

The only exceptions to this timetable are small health plans with less than $5 million in annual revenue, which have an additional year beyond these dates to comply.

Q: What are the estimated costs of compliance?

A: The Department of Health and Human Services has estimated the cost of compliance industry-wide at $3.5 billion to $17.5 billion. The Blue Cross and Blue Shield Association estimates the cost industry-wide at $43 billion over a five-year period. Compliance initiatives not only will be costly, but they also will take months to develop and launch.

Q: What benefits will HIPAA bring about?

A: Uniform national standards for electronic transactions will save the healthcare industry an estimated $29.9 billion over 10 years, according to the DHHS. These savings will result from the elimination of inefficient paper forms.

Security standards are forthcoming from the DHHS. Meanwhile, the privacy rules, which have been published in final form, are expected to protect medical records and other personal health information by:

• giving consumers greater control over their medical records and other personal health information,
• imposing limits on the use and release of health records,
• establishing safeguards that healthcare providers and others must use in the interest of protecting private health information, and
• setting civil and criminal penalties that can be imposed if holders of private healthcare information violate an individual's right to privacy.

 back to top

Q: What is TriZetto doing to help clients achieve compliance?

A: TriZetto's comprehensive approach to HIPAA-compliance initiatives enables healthcare organizations to obtain all necessary solutions from a single source. The company?s HIPAA solutions include training, expert advice, and software applications:

• HIPAASuccess: An in-depth training program on HIPAA requirements.
• Consulting: Services include assessments of health plans' existing systems for HIPAA preparedness, as well as designing and implementing HIPAA solutions.
• Software: TriZetto recently launched HIPAA Gateway, a product that receives, routes, stores and queries electronic transactions in compliance with HIPAA. HIPAA Gateway converts health-plan data into a HIPAA-compliant format and acts as a repository that allows customers to access the data as required by HIPAA. HIPAA Gateway is integrated with TriZetto?s widely used administrative systems for payers and benefits administrators, including Facets®, QicLink and HealthWeb®. HIPAA Gateway can also work with virtually any third-party vendors system and is available from TriZetto on a licensed or hosted basis.


TriZetto has also developed a HIPAA Privacy and Security Management application to assist health plans in managing data gathered in connection with HIPAA-compliance efforts. Additional applications may be developed as HIPAA rules are finalized.

TriZetto's administrative software applications, including Facets and QicLink, target specific aspects of HIPAA-mandated transaction processing, e.g., HIPAA-mandated procedure and diagnostic codes.

 back to top

Q: Is TriZetto also subject to HIPAA?

A: Because of its role in the transmission and storage of data for healthcare customers, TriZetto also is subject to HIPAA. TriZetto has initiated a company-wide HIPAA compliance initiative to ensure that its systems, products, and services support HIPAA?s administrative-simplification provisions. TriZetto has made HIPAA compliance a strategic priority, both in terms of achieving compliance, as well as monitoring and managing internal processes to ensure continued compliance.

TriZetto's internal HIPAA-compliance readiness activities involve developing in-house capabilities to support:

• all required EDI transaction standards and formats,
• all new national identifiers,
• security requirements applicable to TriZetto's systems and operations, and
• the privacy of individually identifiable health information within TriZetto's systems and operations.

 back to top

Q: Where can I see the HIPAA regulations?

A: Visit the DHHS Web site, http://aspe.hhs.gov/admnsimp/

Information

For more detailed information, please call 1-800-569-1222 or click on the link below. Request more information     Contact a sales rep