There are many different types of Business Associates who are working with the Nebraska Department of Health and Human Services (DHHS), providing different health-related services in behalf of the state. This business relationship is affected by HIPAA rules.
Below are some basic concepts regarding HIPAA. You may read about HIPAA in many places on the Web, from the Federal government, and from healthcare-related literature.
What does "HIPAA" stand for? HIPAA is the acronym for the Health Insurance Portability & Accountability Act of 1996 (Public Law 104-191). It is a set of federal laws that cover all aspects of healthcare services in the U.S.
There are three major sections of HIPAA that you should be aware of: Privacy, Security, and Transactions. Privacy deals with handling information, focusing on behaviors and work flows; Security deals with technological protection of confidential information, addressing technology set-up and tools; Transaction describes national standards of data transmission, focusing on data field definition.
Why are HIPAA laws created? For the State and its partners in healthcare delivery, the main purpose of HIPAA is to simplify daily processes, promote best-practice methods to conduct healthcare activities, and encourage the electronic transfer of administrative and financial health care data -- by replacing the many non-standard formats now being used nationally with a single set of electronic transactions, to be used by the entire health care industry. Other benefits of HIPAA include: patient's privacy protection, prevention of fraud, deterring of malicious system attacks, and overall efficiency of the entire health delivery system.
What changes will I experience due to HIPAA, as a Business Associate for the Nebraska DHHS? For a detailed list of changes to expect, look at the " Partner Responsibilities" page on these WebPages. But the most important link is " Business Associate Agreement". This is a HIPAA-required document that acts as a contract and a directive for privacy, safeguards, use and disclosure, protection of data, and more.
Of course, your organization also needed to become HIPAA compliant to the Privacy Rule on the 4/14/03 deadline. That will give us and our end-users -- the residents of Nebraska -- full assurance for our personal rights protection. Your compliance efforts will not be provided by the State, but we will help you with some basic knowledge and some recommendations.
What are examples of HIPAA implication for my relationship with State of Nebraska DHHS? Because of HIPAA requirements, you will need to set up policies, procedures and new software protection mechanisms (e.g., individual user accounts, usage tracking, privilege settings, back up and restore, redesigned functions for "minimum necessary" data on each screen), and understand how your organization is using (internally) and disclosing (externally) health information to your staff and your other partners.
Also, if your organization is exchanging information with the State of Nebraska, such as sending medical claims or requesting information on prior authorization and claims status, then you will need to begin setting up a " Trading Partner Agreement".
You will be working with the Nebraska Department of Health and Human Services. If you plan to submit claims electronically, then you will need to contact the Division of Medicaid & Long Term Care, MMIS (Medicaid Management Information System) at (402)471-9147.
Business Associates Section Homepage