• Home
  • Blog
  • Contact
HIPAA ComplianceHIPAA Compliance
HIPAA ComplianceHIPAA Compliance
  • Home
  • Blog
  • Contact

HIPAA Final Rule: Modified Privacy Rule Definition–Payment

February 27, 2013 American Recovery and Reinvestment Act, Health IT and HITECH, HIPAA Law, Privacy No Comments

February 27, 2013.  Today, we start to examine definitions pertaining to the HIPAA Privacy Rule, and begin with payment, as modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013.

Here is the discussion in the Final Rule related to the proposed modification to the definition of payment from the July 14, 2010, Notice of Proposed Rule Making (NPRM), with the proposed modification accepted in the Final Rule:

“The definition of payment in the Privacy Rule at 45 CFR 164.501 includes activities, such as ‘determinations of eligibility or coverage’ by a health plan, some of which may fall within the definition of ‘underwriting purposes.’ To avoid any implication that a health plan would be permitted to use or disclose protected health information for ‘payment’ purposes that are otherwise prohibited by the underwriting prohibition, we proposed to include a cross-reference in the definition of ‘payment’ to the prohibition. Further, we believed the inclusion of such a cross-reference to be necessary to properly align the definition of payment in the Privacy Rule with the nondiscrimination provisions of GINA Title I and their implementing regulations. GINA provides a rule of construction at section 102(a)(2), which adds paragraph 2702(c)(3) of the Public Health Service Act (PHSA), to make clear that health plans are not prohibited from obtaining and using the results of 
a genetic test in making determinations regarding payment, as such term is defined by the HIPAA Privacy Rule. Thus, the proposed exception would make clear that GINA’s rule of construction regarding payment does not allow a health plan to use the results of genetic tests for activities that would otherwise constitute ‘underwriting purposes,’ such as for determinations of eligibility for benefits.”  78 Federal Register 5666

Here is the modified definition of payment, which will be effective March 26, 2013, with the modification underlined:

Payment means:

(1) The activities undertaken by:

(i) Except as prohibited under 45 164.502(a)(5)(i) [Prohibited uses and disclosures:  Use and disclosure of genetic information for underwriting purposes], a health plan to obtain premiums or to determine or fulfill its responsibility for coverage and provision of benefits under the health plan; or

(ii) A health care provider or health plan to obtain or provide reimbursement for the provision of health care; and

(2) The activities in paragraph (1) of this definition relate to the individual to whom health care is provided and include, but are not limited to:

(i) Determinations of eligibility or coverage (including coordination of benefits or the determination of cost sharing amounts), and adjudication or subrogation of health benefit claims;

(ii) Risk adjusting amounts due based on enrollee health status and demographic characteristics;

(iii) Billing, claims management, collection activities, obtaining payment under a contract for reinsurance (including stop-loss insurance and excess of loss insurance), and related health care data processing;

(iv) Review of health care services with respect to medical necessity, coverage under a health plan, appropriateness of care, or justification of charges;

(v) Utilization review activities, including precertification and preauthorization of services, concurrent and retrospective review of services; and

(vi) Disclosure to consumer reporting agencies of any of the following protected health information relating to collection of premiums or reimbursement:

(A) Name and address;

(B) Date of birth;

(C) Social security number;

(D) Payment history;

(E) Account number; and

(F) Name and address of the health care provider and/or health plan.

45 CFR 164.501, at 78 Federal Register 5696

Tomorrow, we continue with the modified Privacy Rule definition:  Health care operations, and Friday, with Marketing.

Tags: claims managementcollection activitiescompliance datecoveragedefinitioneffective dateeligibilityeligibility for benefitsexcess of loss insurancegenetic testGINA Title Ihealth benefit claimsHealth Care OperationsHealth Care Providerhealth planHIPAA Final RuleMarch 26 2013marketingmedical necessitymodificationnondiscrimination provisionsNotice of Proposed Rule MakingNPRMPaymentPHSApreauthorizationprecertificationpremiumsPrivacy Ruleprohibited uses and disclosuresprotected health informationPublic Health Service Actreinsuranceretrospective reviewrule of constructionSeptember 23 2013stop-loss insuranceunderwriting prohibitionunderwriting purposesuse or discloseutilization review
No Comments
Share
0

You also might be interested in

Finally, HIPAA/HITECH Act Privacy, Security, Breach Notification, Enforcement Final Rules at OMB

Mar 24, 2012

March 24, 2012.   Today, the Office of Information and Regulatory[...]

ONC Releases Final Rule for Temporary HIT Certification Program

Jun 18, 2010

On Friday afternoon, June 18, the Office of the National[...]

ONC Issues Meaningful Use Guide for Privacy & Security Attestation Compliance

May 9, 2012

May 9, 2012.  The Office of the National Coordinator for[...]

Leave a Reply Cancel Reply

Categories

  • 5010
  • American Recovery and Reinvestment Act
  • Enforcement
  • GINA
  • Health Care Reform
  • Health IT and HITECH
  • HIPAA Law
  • Identifiers
  • Meaningful Use
  • Privacy
  • Red Flags Rules
  • Security
  • Transactions & Code Sets
  • Uncategorized

Recent Posts

  • Contracting with Vendors that are NOT HIPAA Business Associates: Best Practices
  • HIPAA Breach: Who You Gonna Call?
  • Can I Be Sued for a HIPAA Violation?
  • Business Associate Agreements – a First Look at Indemnification
  • Gmail, Google Apps for Business HIPAA Business Associate Agreements

Archives

Contact Us

We're currently offline. Send us an email and we'll get back to you, asap.

Send Message
HIPAA- Health Insurance Portability Accountability Act

© 2023 · hipaa.com

Prev Next