A HIPAA message -- Are we done yet?

HIPAA, the "Health Insurance Portability and Accountability Act of 1996," provides federal protection of patient health information. This HIPAA-related message is part of UNMC's continued effort to educate employees. Today's HIPAA message addresses the status of HIPAA implementation and compliance.

Question: What is the status of HIPAA implementation and compliance?

Even though the majority of the regulations have been implemented, compliance is an ongoing responsibility. Here is an update on the HIPAA regulations:


  • Effective date: April 14, 2003
  • Continue to use and disclose PHI on a need to know basis only to perform assigned duties.
  • More than 12,000 privacy complaints have been filed nationwide with the Office of Civil Rights.


  • Effective date: April 20, 2005
  • Organization has implemented required information security policies and procedures.
  • Training regarding proper information security practices will continue.
  • Business Associate agreements have been modified to include required information security contractual language.

ET&CS (Electronic Transaction and Code Sets Regulations)

  • Requires standardized billing formats for electronic claims flowing between health care providers and payers. Administrative simplification projected to save billing costs within the healthcare industry.
  • Ten different billing information areas are impacted. The government has not yet published all regulations.
  • Organization has implemented electronic professional and hospital claims formats (called 837s) and remits (payment back to hospital from payer; called 835s).

A proposed HIPAA Enforcement Rule was published April 18, 2005. The government is expected to start levying civil fines and penalties under this rule. The Department of Justice has already levied criminal penalties under HIPAA.

Continue to be vigilant in safeguarding protected health information.

If you have questions and/or suggestions, contact: Sheila Wrobel, privacy officer, swrobel@unmc.edu; or Sharon Welna, information security officer, swelna@unmc.edu.

If you're a manager, please ensure all of your employees are informed of the contents of these emails and how it applies to your work area. Some ways of sharing the information include discussions during staff meetings, printing and posting this e-mail or distributing it.