• Awareness
  • Advance Care Planning
  • Avian Flu
  • Fraud & Abuse
  • Generic Drugs
  • HIPAA
    • Compliance
    • Notice
  • Measles
  • Obesity
  • Rising Cost of Health Care
• Community Events
• Promoting Healthy Living
• Awards
• Corporate Giving

HMSA’s HIPAA Compliance

We monitor HIPAA regulations and compliance issues and participate in health care industry discussions on an ongoing basis to ensure HMSA’s continued compliance.

Key regulations and compliance dates are listed below:

Standards	Description	Compliance Date
National Provider Identifier	A national, standard identifier for health care providers. The National Provider Identifier (NPI) is required for all electronic transactions governed by HIPAA.	May 23, 2007
Security	Safeguards for protected health information (PHI) including storage, maintenance, transmission and access.	April 20, 2005
Electronic Health Care Transactions & Code Sets	A standard format for electronic transmission of certain administrative or financial information. National standards for coding medical procedures, prescription drugs and diagnoses.	Oct. 16, 2003
Privacy	Policies and procedures for authorization, notice of privacy practices, members’ rights, minimum necessary uses and disclosures of PHI. HMSA Membership Notice	April 14, 2003

National Provider Identifier (NPI)

HMSA has modified our systems to accommodate the use of NPI in HIPAA-covered transactions, such as claims, remittance advices and eligibility inquiries.

Security

HMSA’s security policies, procedures and practices are consistent with the HIPAA security regulations and generally accepted industry practices. We continue to assess our information security program and make improvements as necessary.

Electronic Health Care Transactions & Code Sets

HMSA uses HIPAA-standard formats for all electronic health care transactions governed by HIPAA.

Privacy

HMSA’s policies meet HIPAA Privacy regulations and our privacy policies include:

• Notifying members about their privacy rights and how their information can be used.
• Implementing privacy policies and procedures to assure member rights to privacy.
• Employee training on privacy policies and procedures.
• Designating an individual responsible for seeing privacy policies and procedures are adopted and followed.
• Securing records with confidential member information and providing access only to those who need them.

HMSA’s Privacy Office oversees activities related to our members’ confidential information and works with members exercising the rights under HIPAA Privacy regulations.