HIPAA and HITECH
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) established national standards for electronic healthcare transactions and for the security and privacy of healthcare data. They also required national identifiers for providers, health plans, and employers. The goal was to reduce costs and improve the efficiency of the healthcare system by standardizing and encouraging the electronic exchange of data. The initial compliance deadlines for most of the provisions in HIPAA have passed. The Health Information Technology for Economic and Clinical Health (HITECH) Act imposed new healthcare compliance obligations relating to privacy and security.
What has Quadax done to ensure compliance with HIPAA and HITECH?
As a business entrusted with patient health information and required to distribute that information electronically to other business partners, we understand our obligations under the HIPAA statute. We have made every effort to conform to those rules and regulations by modifying business procedures and computer systems to incorporate compliance requirements by the specified deadlines.
Transaction Standards and Code Sets. Quadax is using the standard ICD ©, CPT ©, and HCPCS codes on electronic transactions, and all transactions are Optum certified. Transactions are conducted in the ANSI 5010 format with all payers able to accept that standard.
Privacy Standards. Quadax has established internal guidelines and procedures to assure that no individual protected health information is disclosed except to authorized parties. Formal policies govern the conduct of employees regarding the confidentiality of patient information and specify penalties associated with breaches of such conduct.
Identifiers. National identifiers for employers are currently used on standard transactions. We have made the necessary program changes to our systems that have enabled the implementation of National Provider Identifiers (NPI). Payers are able to obtain a health plan identifier (HPID) through the CMS Health Plan and Other Entity Enumeration System (HPOES), but the full implementation date for using HPID in standard transactions is not until November 7, 2016. The rules have not been published for individual identifiers.
Security. The Quadax HIPAA Security Official is Gene Calai. Quadax has implemented the following measures to prevent unauthorized access to protected health information:
- Administrative procedures. Our HIPAA Security Official has established formal procedures regarding the security of protected data.
- Physical safeguards. Quadax production systems are housed in an SSAE-16 audited data center that is protected via FM-200 fire suppression, video camera surveillance, and 24x7 staff. Diesel generators producing 2.5 megawatts of power with 4,000 gallons of backup fuel, redundant UPS with 900 kVA capacity, and 540 tons of HVAC ensure that our servers are running cool. Physical entry into the Quadax corporate and branch offices is managed by an electronic access control system.
- Technical measures. The software used for our healthcare billing and clearinghouse operations has multi-level operator security controls and transaction logging with audit trails of activity. The Quadax Web site uses SSL encryption technology to protect the transmission of data over the Internet.