The United States Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996. It includes the Administrative Simplification section, whose objective is to reduce costs through computer automation while ensuring the privacy, confidentiality and security of patients' health information. It also establishes national standards for electronic transactions between payors and providers, and requires all payors and providers to comply with these standards.

By April 14, 2003, all physicians are required to be fully compliant with HIPAA's privacy rule. On October 16, 2003, all physicians and payors are required to be compliant with HIPAA's national transaction standards. The security regulations are expected to be enforced in 2004. We at Apollo are committed to helping our physicians achieve HIPAA compliance.


Privacy and Confidentiality

HIPAA requires all covered entities (providers, payors, clearinghouses) and their business associates who have access to protected health information (PHI) to protect patient privacy and confidentiality. This is how Apollo helps a physician meet HIPAA's privacy requirements:

  • Patients are shown a Notice of Privacy Practices when they make an appointment online. The same notice can be printed for the patient's signature with one click from the Apollo Check In/Check Out screen.
  • The Notice of Authorization for release of patient information, which allows providers to release PHI to payors and other entities, can also be printed with one click.
  • Patients have online access to all of their own medical information. They can also authorize the release of that information and can amend their personal information online.
  • The designated officer at Apollo enforces HIPAA policies and regulations.
  • All business associates of Apollo are either HIPAA certified or must sign and enforce privacy and security agreements that follow HIPAA guidelines.

Security

There are several guidelines (currently in draft form) that will form the HIPAA security regulations, and they will likely become compliance requirements for providers in 2004. We at Apollo are closely monitoring these guidelines so that we can help our physicians implement them effectively and efficiently. Apollo has taken the following measures to enforce administrative, technical and physical security of patient information.

  • Audit trails in Apollo record every access to, and every edit of, patient records.
  • A unique, confidential user identification number and password are required to access any patient information.
  • User sessions are automatically logged off after a specified period of inactivity to help prevent unauthorized access.
  • All Apollo staff and business associates are required to sign and follow strict security contracts to ensure the security of patient information.
  • Apollo is hosted at a highly secure, HIPAA-certified facility. Patient information is secured both physically and technically.
  • 128-bit SSL (Secure Sockets Layer) encryption and firewalls protect all system data.
  • Application and database servers are accessible only over secured connections and only by a limited number of authorized personnel.

Electronic transactions

HIPAA mandates that all electronic exchanges of health information be conducted according to specific standards. Under this requirement, as of October 16, 2003, all current electronic transaction formats for claims, eligibility, remittance and other functions must be replaced by a nationally standardized set of transaction formats: the ANSI ASC X12 formats. At Apollo we have built our Electronic Data Interchange (EDI) on these ANSI X12 formats.

The Apollo EDI produces HIPAA-compliant files for all such functions (837 for claims, 270 for eligibility inquiries, etc.). Apollo EDI also receives and parses incoming HIPAA-compliant files (835 for remittance advice, etc.). Future EDI enhancements will also be built to the HIPAA standards. At Apollo we are systematically testing ANSI claims on a payor-by-payor basis to address each payor's companion guide. We will obtain and provide third-party certification if any of our physicians requests it, even though HIPAA does not require it.
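As an added example (not Apollo's EDI code), here is a minimal Python parser for the X12 envelope structure that the 837, 835 and 270 transaction sets all share. It reads the delimiters from the fixed-width ISA header rather than assuming them, walks the ISA/GS/ST ... SE/GE/IEA envelopes, and cross-checks the control numbers and segment counts. That structural check is what a receiving system should perform before acting on an inbound file, because a truncated or altered interchange is then rejected instead of being half-processed. The sample interchange, the sender and receiver IDs, and the submitter name are constructed for this example and are not real trading-partner data.

```python
"""Minimal ANSI X12 envelope parser with integrity checks (example code)."""

# --- Constructed sample: one interchange, one functional group, one 837 ---
# The ISA segment is fixed-width (106 characters); ljust() pads the 10- and
# 15-character fields so the delimiters land at the positions the standard
# defines: element separator at offset 3, sub-element separator at 104,
# segment terminator at 105.
ISA = ("ISA*00*" + "".ljust(10) + "*00*" + "".ljust(10)
       + "*ZZ*" + "SENDERID".ljust(15) + "*ZZ*" + "RECEIVERID".ljust(15)
       + "*230101*1200*^*00501*000000001*0*T*:~")
SAMPLE_837 = ISA + "\n".join([
    "",
    "GS*HC*SENDERID*RECEIVERID*20230101*1200*1*X*005010X222A1~",
    "ST*837*0001*005010X222A1~",
    "BHT*0019*00*0123*20230101*1200*CH~",
    "NM1*41*2*APOLLO CLINIC*****46*12345~",  # hypothetical submitter
    "SE*4*0001~",   # SE01 counts ST through SE inclusive; SE02 repeats ST02
    "GE*1*1~",      # GE01 = transaction sets in group; GE02 repeats GS06
    "IEA*1*000000001~",  # IEA01 = groups in interchange; IEA02 repeats ISA13
])
# Two damaged variants: a wrong segment count and a file cut off mid-way.
BAD_COUNT = SAMPLE_837.replace("SE*4*0001", "SE*5*0001")
TRUNCATED = SAMPLE_837.split("GE*")[0]


def read_delimiters(raw: str):
    """The ISA header defines its own delimiters at fixed offsets."""
    if not raw.startswith("ISA") or len(raw) < 106:
        raise ValueError("not an X12 interchange: missing or short ISA header")
    elem, sub, seg = raw[3], raw[104], raw[105]
    if len({elem, sub, seg}) != 3 or elem in " \r\n":
        raise ValueError("ISA delimiters are not distinct")
    return elem, sub, seg


def split_segments(raw: str):
    """Split the interchange into segments, each a list of elements."""
    elem, _sub, seg = read_delimiters(raw)
    segs = []
    for chunk in raw.split(seg):
        chunk = chunk.strip()  # drop line breaks between segments
        if chunk:
            segs.append(chunk.split(elem))
    return segs


def parse_interchange(raw: str):
    """Return one dict per transaction set after verifying every envelope.

    Raises ValueError on any structural inconsistency (control numbers,
    segment counts, unterminated envelopes) so that a damaged file is
    rejected before its payload is processed.
    """
    segs = split_segments(raw)

    def tag(k):
        if k >= len(segs):
            raise ValueError("interchange ends before its envelopes are closed")
        return segs[k][0]

    isa, iea = segs[0], segs[-1]
    if len(isa) != 17 or iea[0] != "IEA" or len(iea) != 3:
        raise ValueError("ISA/IEA envelope missing or malformed")
    if iea[2] != isa[13]:
        raise ValueError("IEA02 does not match ISA13 interchange control number")

    txns, groups, i = [], 0, 1
    while tag(i) == "GS":
        gs, groups, sets_in_group, i = segs[i], groups + 1, 0, i + 1
        while tag(i) == "ST":
            st, start = segs[i], i
            while tag(i) not in ("SE", "GE", "IEA"):
                i += 1
            if tag(i) != "SE":
                raise ValueError(f"transaction set {st[2]} has no SE")
            se, count = segs[i], i - start + 1
            if int(se[1]) != count or se[2] != st[2]:
                raise ValueError(f"SE count/control mismatch for set {st[2]}")
            txns.append({"type": st[1], "control": st[2], "segments": count})
            sets_in_group, i = sets_in_group + 1, i + 1
        ge = segs[i]
        if tag(i) != "GE" or int(ge[1]) != sets_in_group or ge[2] != gs[6]:
            raise ValueError("GE does not close the functional group correctly")
        i += 1
    if tag(i) != "IEA" or int(iea[1]) != groups:
        raise ValueError("IEA01 group count mismatch")
    return txns


def is_well_formed(raw: str) -> bool:
    """Convenience wrapper: True if the envelopes check out, else False."""
    try:
        parse_interchange(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(parse_interchange(SAMPLE_837))
    print(is_well_formed(BAD_COUNT), is_well_formed(TRUNCATED))
```

The parser deliberately trusts nothing it has not cross-checked: the delimiters come from the header, the SE01 count is recomputed rather than believed, and every control number is compared with its opener. A production receiver would go on to validate the transaction-set content against the relevant implementation guide (and the payor's companion guide) before generating a 997/999 acknowledgement, which this example does not attempt.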