Overview
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addressed the security and privacy of health data.

Passport Health Communications understands the challenges and opportunities the HIPAA regulations present to the healthcare industry and consistently works to address them. Passport is in full compliance with all applicable HIPAA regulations finalized to date. A HIPAA and Risk Management task force has been established, and specific staff members have assigned responsibility for HIPAA compliance and have been appointed as security, privacy, and compliance officers. All levels of the Passport workforce have received internal HIPAA awareness training and receive additional training on an as needed and annual basis. Moreover, privacy and security policies have been developed and implemented to protect the privacy and security of individually identifiable health information. These policies are reviewed on a regular basis and modified as needed.

Passports HIPAA and Risk Management Team actively participates with governmental agencies, industry groups, and most importantly clients, to position Passport to meet, and to help our clients meet, the challenges of promoting compliance with HIPAA regulations.

Transactions and Code Sets
HHS published the initial rules for Electronic Transactions and Code Sets on August 17, 2000. Passport implemented those rules and was fully compliant with the regulations in August of 2002 pursuant to the extension timetable prescribed by HHS. Passport has implemented the standard transaction sets (for payers and clearinghouses that support them) for Eligibility Verification and Response (270/271), Referrals (278), and Claims Status (276/277).

Because Passport can be defined as a "clearinghouse" under the HIPAA regulations, we offer the ability to accept an eligibility verification request (270) and to reply with the response (271) for trading partners that do not support the standard transactions and desire to use Passport for their transaction compliance solution.

Passport is currently using HIPAA compliant ASC X12N version v4010A1 transactions and code sets with its payer and outbound clearinghouse connections. Passport will implement version 5010 of the standard transactions and code sets as required in the HHS updated regulation published in January 2009. Transitioning to the updated HIPAA formats will be coordinated by Passport to alleviate impact on providers and payers and will be completed to meet the HHS mandated timeframes.

Privacy
The Standards for Privacy of Individually Identifiable Health Information were finalized on April 14, 2001. The compliance deadline was April 15, 2003. Passport Health Communications demonstrates a firm commitment to privacy and confidentiality by protecting confidential information from inappropriate access and disclosure. Each person working at Passport is responsible for protecting confidential information and preserving the privacy of subscribers, clients, and employees. Each employee signs a confidentiality and non-disclosure document stating that he or she will preserve confidentiality in conversations and in the handling, copying, faxing, and disposing of protected health information. Only persons with an officially-granted account may access Passport computer systems and networks, and all require passwords. Each person is liable for all activity occurring under his or her account. Passport has developed and implemented the required privacy policies and procedures to meet the privacy guidelines established in the HIPAA regulations. The Passport workforce has received privacy training and continues to receive on-going training as needed. In addition, the Passport workforce is required to participate in annual privacy training.

Security
The Standards for Security and Electronic Signatures were finalized on February 20, 2003. The compliance deadline was April 21, 2005. The general intent of the security regulations is closely aligned with the existing design of Passport systems and with our existing security measures and processes. The Passport security model establishes the appropriate safeguards to protect electronic health care information that may be at risk. Passport protects an individual's health information while permitting the appropriate access and use of that information which ultimately promotes the use of electronic health information in the industry. Specific documents addressing Passport's current security processes and procedures are available through Passport Sales or Customer Support. Passport's security policies and procedures meet the security guidelines established in the HIPAA regulations. The Passport workforce has received security training and continues to receive on-going training as needed. In addition, the Passport workforce is required to participate in annual security training.

National Provider Identifier (NPI)
The Final Rule adopting the HIPAA standard unique health identifier for health care providers was published in the Federal Register on January 23, 2004. All health care providers are eligible to be assigned NPIs; health care providers who are covered entities must obtain and use NPIs. The date of compliance for all HIPAA covered entities to use NPIs was May 23, 2007; May 23, 2008 for small health plans). Passport is in full compliance with the NPI standard.

Passport HIPAA Contact
Patrick Harkins – Privacy Officer
Telephone: 610-944-0308
E-mail: patrick.harkins@passporthealth.com