• Contact Us |
• Search Tips |
• Site Map

• Claims/Billing
• Electronic Data Interchange
• FAQs
• Fee Schedule
• Forms
• Manuals
• Pharmacy Services
• Prior Authorization
• Provider Search
• Provider Enrollment
• Preferred Drug List
• Presumptive Eligibility
• Provider Education
• Verify Member Eligibility
• Access Provider Profile
• Check Claims Status

Privacy

• Providing Services
• Billing and Remittance
• Electronic Data Interchange (EDI) Solutions
• Web interChange
• Claims Administrative Review and Appeal
• Provider Education
• Manuals
• Forms
• State Plan
• Health Insurance Portability and Accountability Act (HIPAA)
  • Transactions and Code Sets
  • Identifiers
  • Security
  • Privacy
  • FAQs - HIPAA
• Web Toolkit
• Medicaid Rehabilitation Option (MRO)
• IHCP Glossary
• FAQs - Top 10 Questions
• EHR Incentive Program
• ICD-10 Information

• Provider Home 
• / General Provider Services 
• / Health Insurance Portability and Accountability Act (HIPAA) 
•  Privacy 

Privacy

On March 27, 2002, the Department of Health and Human Services (HHS) proposed modifications to some of the standards in the Rule entitled Standards for Privacy of Individually Identifiable Health Information.  Public comment was solicited for only 30 days. During this comment period, the Department received over 11,400 comments.

The Department modified certain standards and published the final Privacy Rule August 14, 2002.  The final rule was effective on October 15, 2002.

As stated in the final Rule summary, "The purpose of these modifications is to maintain strong protections for the privacy of individually identifiable health information while clarifying certain of the Privacy Rule's provisions, addressing the unintended negative effects of the Privacy Rule on health care quality or access to health care, and relieving unintended administrative burdens created by the Privacy Rule."

The HHS Office for Civil Rights (OCR) released an updated guidance document for the Privacy regulations on December 4, 2002.  The document can be found at http://www.hhs.gov/ocr/hipaa/whatsnew.html under the What's New section.

IHCP Notice of Privacy Practices

Pursuant to the HIPAA Privacy Rule that went into effect April 14, 2003, the Indiana Health Coverage Programs (IHCP) started mailing the IHCP Notice of Privacy Practices to all active IHCP members March 19, 2003.  All active members received a copy of the notice prior to the required compliance date and on an ongoing basis, new IHCP members receive a copy of the notice shortly after program enrollment.

A copy of the IHCP Notice of Privacy Practices is available for reference and can be found in bulletin BT200909.

Business Associate

The Office of Medicaid Policy and Planning (OMPP) received inquiries about the need for a business associate agreement between providers and the Indiana Health Coverage Programs (IHCP).  According to the HHS OCR guidance published, December 4, 2002, for the Privacy Rule, providers are not generally considered business associates of health plans.  If the only relationship between the provider and the health plan is submission and payment of claims, the provider is not considered a business associate of the health plan.

An accounting firm, which provides accounting services to a health care provider and must access protected health information, is considered a provider's business associate.  Also, accreditation agencies, such as the Joint Commission on Accreditation of Healthcare Organizations (JCAHO), are considered business associates of accredited entities.  For additional information about the requirements for a business associate relationship, please refer to 45 CFR 160.103.