ConnectiCare - HIPAA Readiness

What is HIPAA?

The Health Insurance Portability & Accountability Act of 1996 (HIPAA) was enacted to improve portability and continuity of health insurance coverage; combat waste, fraud, and abuse; promote the use of medical savings accounts; improve access to long-term care services and coverage; and simplify the administration of health insurance. The objectives of the administrative simplification provisions are to improve efficiency in healthcare delivery by standardizing electronic data interchange and to protect the confidentiality and security of individually identifiable health data by setting and enforcing standards.

To find out more about HIPAA and read the actual regulations, go to http://cms.hhs.gov/hipaa/

CONNECTICARE’S HIPAA READINESS

Overview: ConnectiCare has implemented procedures to attain compliance with the Administrative Simplification provisions of HIPAA.
Standard Transactions: ConnectiCare sends and receives transactions with multiple business partners. As outlined by the HIPAA regulations, ConnectiCare has now transitioned over to the HIPAA transactions listed below. We are converting our trading partners to these standards as the trading partners themselves are ready to convert.
  Covered Transaction Type                      Transaction Standard / Format & Version
  Health Care claim or encounter                837 Professional and Institutional – ANSI X12 v4010
  Claim payment and remittance advice (ERA)     835 – ANSI X12 v4010
  Enrollment / dis-enrollment in Health Plan    834 – ANSI X12 v4010
  Health Plan premium payments                  820 – ANSI X12 v4010
  Health Care claims status                     276/277 – ANSI X12 v4010
  Health Plan Eligibility                       270/271 – ANSI X12 v4010
  Referral certification and authorization      278 – ANSI X12 v4010
  Testing: All of ConnectiCare's EDI trading partners that were deemed covered entities under the HIPAA law have either moved to production or are in the process of testing the 4010A1 transaction sets.
Privacy: ConnectiCare complied with the HIPAA Privacy Rule requirements by the April 14, 2003 compliance date.
  Privacy Policies and Procedures: ConnectiCare has revised existing privacy policies and procedures and developed new privacy policies and procedures to meet the Privacy Rule standards.
  “Minimum Necessary” Evaluation: ConnectiCare has evaluated the categories of protected health information (PHI) that each class of employees needs to access in order to perform their jobs. Policies and procedures have been developed to limit access accordingly. Disclosures of PHI have also been evaluated to ensure that such disclosures are limited to what is reasonably necessary to achieve the disclosure’s legitimate purpose.
  Safeguards: Reasonable safeguards have been implemented to protect PHI from improper uses and disclosures.
  Training: Delivery of privacy training to all ConnectiCare employees has been completed.
  Business Associates: ConnectiCare has identified its business associates and has amended its contracts with each business associate to include the necessary assurances.
  Notice of Privacy Practices: ConnectiCare distributes a Privacy Notice to its members annually. This document was revised recently and was sent to members in early April 2003 in the HouseCall newsletter.
Security: ConnectiCare complied with the HIPAA Security Rule requirements by the April 20, 2005 compliance date.
  Security Management Process: A formal security risk analysis and risk management process is led by the Chief Information Officer, with monthly meetings to address all security-related issues.
  Security Policies and Procedures: Many of the HIPAA Security Standards have been considered industry “best practices” for years and have already been addressed in our policies and procedures. Examples include the use of VPN technology, strong passwords, periodic user rights review, a formal change management process, security incident procedures, a data backup plan, a disaster recovery plan and encryption.
  Training: All employees have completed training specific to the HIPAA Security Rule.
  Facility Security: Physical security is controlled using a key-card system at all of ConnectiCare’s facilities. Access to any sensitive areas within ConnectiCare, such as the data center, is limited to only those employees who need access to those areas to perform their jobs.
  Evaluation: Periodic security reviews will be led by the Audit department. In addition to those specific reviews, there is a security review built into the annual financial audit.