February 27, 2013. Today, we start to examine definitions pertaining to the HIPAA Privacy Rule, and begin with payment, as modified in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013.
Here is the discussion in the Final Rule related to the proposed modification to the definition of payment from the July 14, 2010, Notice of Proposed Rule Making (NPRM), with the proposed modification accepted in the Final Rule:
“The definition of payment in the Privacy Rule at 45 CFR 164.501 includes activities, such as ‘determinations of eligibility or coverage’ by a health plan, some of which may fall within the definition of ‘underwriting purposes.’ To avoid any implication that a health plan would be permitted to use or disclose protected health information for ‘payment’ purposes that are otherwise prohibited by the underwriting prohibition, we proposed to include a cross-reference in the definition of ‘payment’ to the prohibition. Further, we believed the inclusion of such a cross-reference to be necessary to properly align the definition of payment in the Privacy Rule with the nondiscrimination provisions of GINA Title I and their implementing regulations. GINA provides a rule of construction at section 102(a)(2), which adds paragraph 2702(c)(3) of the Public Health Service Act (PHSA), to make clear that health plans are not prohibited from obtaining and using the results of a genetic test in making determinations regarding payment, as such term is defined by the HIPAA Privacy Rule. Thus, the proposed exception would make clear that GINA’s rule of construction regarding payment does not allow a health plan to use the results of genetic tests for activities that would otherwise constitute ‘underwriting purposes,’ such as for determinations of eligibility for benefits.” 78 Federal Register 5666
Here is the modified definition of payment, which will be effective March 26, 2013, with the modification underlined:
Payment means:
(1) The activities undertaken by:
(i) Except as prohibited under 45 164.502(a)(5)(i) [Prohibited uses and disclosures: Use and disclosure of genetic information for underwriting purposes], a health plan to obtain premiums or to determine or fulfill its responsibility for coverage and provision of benefits under the health plan; or
(ii) A health care provider or health plan to obtain or provide reimbursement for the provision of health care; and
(2) The activities in paragraph (1) of this definition relate to the individual to whom health care is provided and include, but are not limited to:
(i) Determinations of eligibility or coverage (including coordination of benefits or the determination of cost sharing amounts), and adjudication or subrogation of health benefit claims;
(ii) Risk adjusting amounts due based on enrollee health status and demographic characteristics;
(iii) Billing, claims management, collection activities, obtaining payment under a contract for reinsurance (including stop-loss insurance and excess of loss insurance), and related health care data processing;
(iv) Review of health care services with respect to medical necessity, coverage under a health plan, appropriateness of care, or justification of charges;
(v) Utilization review activities, including precertification and preauthorization of services, concurrent and retrospective review of services; and
(vi) Disclosure to consumer reporting agencies of any of the following protected health information relating to collection of premiums or reimbursement:
(A) Name and address;
(B) Date of birth;
(C) Social security number;
(D) Payment history;
(E) Account number; and
(F) Name and address of the health care provider and/or health plan.
45 CFR 164.501, at 78 Federal Register 5696
Tomorrow, we continue with the modified Privacy Rule definition: Health care operations, and Friday, with Marketing.