Health Care Information Security, Privacy And Compliance
Health Care Information acts described are HIPAA, The America Reinvestment and Recovery Act and Administrative Simplification and Compliance Act (ASCA).
- Ensuring the security of electronic data transmitted between covered entities, and
- Ensuring the privacy of individuals who are the subject of electronic information being transmitted between covered entities.
The ARRA legislation states the following in reference to actions to be taken by a covered entity or their business associate in case of a breach of protected health information: H.R. 1-146, Subtitle D, Part 1, Section 13402 states that “a [covered entity or a] business associate of a covered entity that accesses, maintains, retains, modifies, records, stores, destroys, or otherwise holds, uses, or discloses unsecured protected health information shall, following the discovery of a breach of such information, notify the covered entity of such breach. Such notice shall include the identification of each individual whose unsecured protected health information has been, or is reasonably believed by the business associate to have been, accessed, acquired, or disclosed during such breach.
Administrative Simplification and Compliance Act (ASCA)
The Administrative Simplification Compliance Act (ASCA) prohibits payment of services or supplies that a provider did not bill to Medicare electronically. “Providers” is used in a generic sense here and refers equally to physicians, suppliers, and other health care providers. Providers are required to self-assess to determine whether they meet certain permitted exceptions to this electronic billing requirement.
ASCA self-assessable situations are described in the ASCA self assessment page in this section of the CMS web site. In some cases, providers are required to submit a written request to their Medicare contractor to receive permission to submit some or all of their claims on paper.
A/B MACs and DME MACs are required to contact providers that appear to be submitting high numbers of paper claims to verify that those providers meet one or more of the exception criteria for continued submission of their claims on paper.