BLUE SHIELD OF CALIFORNIA
APPROACH TO HIPAA COMPLIANCE
Blue Shield’s Approach to HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) affects every aspect of operations at Blue Shield of California.
Regulations will govern the transmission, maintenance, security and privacy of electronic health information transmitted by health plans, medical providers, certain self-funded employer health plans, and electronic clearinghouses transmitting data between providers and payers or between employer groups and health plans.
Title II of the Health Insurance Portability and Accountability Act (HIPAA – Administrative Simplification) includes a broad range of regulations, including:
- Administrative simplification: The goal of administrative simplification is to improve the efficiency of health care delivery by standardizing and promoting electronic transactions through electronic data interchange (EDI) for exchanging data.
HIPAA mandates standards for EDI transactions and code sets. It establishes uniform health care identifiers for providers, health plans and employers. These requirements affect all covered entities that conduct electronic transactions.
The deadline for implementation of the transactions is October 16, 2003.
Administrative simplification is important because it will make business practices (the billing, claims, computer systems and communication) uniform — providers and payers won’t have to continually modify their systems to interact with different parties.
The mandated electronic transactions cover the nine most common interactions between health plans, providers and employer groups. Industry estimations indicate an average of 26 cents of each healthcare dollar is currently spent on activities which include the tasks targeted by HIPAA.
- Privacy: The privacy regulations provide rules for handling and safeguarding the personal and health information (PHI) of individual members. PHI includes almost all individually identifiable information about members. Privacy regulations affect all covered entities and, to some degree, their business associates and trading partners.
- Security: The final version of the security regulations was published in February 2003 with a final compliance date of April 2005. The security requirements deal with systems, security measures, controlling access to electronic data and the physical safeguarding of member PHI.
Why Is This Important?
- In an age when privacy and security are getting harder to maintain, the privacy and security of personal medical information is coming under tremendous scrutiny — organizations that fail to ensure privacy and security will be held responsible.
PO Box 272540
Chico, CA 95927-2540
Telephone number: (888) 266-8080
Fax number: (800) 201-9020
Electronic Data Interchange (EDI) Transaction Status
We are currently testing our HIPAA-mandated transactions.