When your busy researching the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, you may overlook the Administrative Simplification Rule. Granted, it doesn't hold as much weight as the aforementioned Privacy and Security Rules, but it's still a key component in operating a compliant healthcare practice. So today we're going to take a closer look at the HIPAA Administrative Simplification Rule, revealing what that all it entitles.
The Administrative Simplification Rule contains a serious of provisions which are designed to improve the efficiency and effectiveness of the U.S. healthcare system by requiring covered entities to follow various “standards” for the storage, handling and/or transmission electronic health information.
As noted on the HHS website, Congress passed the HIPAA Administrative Simplification Statute to allow for technological advancements in the field of healthcare. In the past, for instance, doctors and other healthcare providers stored their data on paper files and folders, simply because computers hadn't been invented yet. With the advent of modern-day computers and networks, however, healthcare providers may now store Protected Health Information (PHI) digitally on a hard drive or some other storage device.
“Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information,” wrote the Department of Health and Human Services (HHS) on its website.
It's important to note that the HIPAA Privacy and Security Rules are actually part of the Administrative Simplification Rule, of which the Office for Civil Rights (OCR) both administers and enforces. We've talked about this before on our blog, but the Privacy Rule includes a set of standards regarding patient privacy that covered entities must follow, while the Security Rule consists of standards designed to protect Electronic Protected Health Information (ePHI) from unauthorized use and/or disclosure.
But there's more to the Administrative Simplification Rule than just the Privacy and Security Rules. Additionally, this Rule also includes Transactions and Code Sets Standards, Employer Identification Standards, and National Provider Identifier Standard. The Transactions and Code Sets Standards, for instance, provides specifications on how covered entities must handle the exchange of electronic health information.
You can find all of the HIPAA Administrative Simplification Rules at 45 CFR Parts 160, 162, and 164.