Last Updated: February 9, 2006

Overview

Passport Health Communications understands the challenges and opportunities HIPAA regulations present to the healthcare industry and is working to address them. We expect to be in full compliance with all applicable HIPAA regulations on or before any deadlines. To meet this objective, Passport began internal HIPAA education and awareness training in 1999. We have sent designated employees to numerous HIPAA conferences and seminars as well as national committee and subcommittee meetings. A HIPAA task force was established, and specific staff members were assigned responsibility for HIPAA compliance and appointed as security, privacy, and compliance officers. Management received internal HIPAA awareness training. Moreover, privacy and security policies have been implemented internally. Formal work to implement HIPAA policies and procedures continues. The sections below address progress to date.

Transactions and Code Sets

The Standards for Electronic Transactions and Code Sets were finalized on August 17, 2000. For most organizations the original compliance deadline was October 16, 2002. An extension was available until October 16, 2003 for covered entities that file a compliance plan with the Department of Health and Human Services (DHHS). Passport received an extension in August of 2002. Passport has already implemented the standard transaction sets (for payers and clearinghouses that support them) for Eligibility Verification and Response (270/271), Referrals (278), and Claims Status (276/277), and Remittance Advice (835).

Because Passport can be defined as a "clearinghouse" under the HIPAA regulations, we plan to offer the ability to accept an eligibility verification request (270) and to reply with the response (271) for payers that don't support the standard transactions and desire to use us for their transaction compliance solution.

Passport is currently using HIPAA compliant ASC X12N version 837 v4010A transactions with all of its payer and outbound clearinghouse connections. Passport is certified for the 270, 271, 276/277, 278, inbound 835, and outbound 837 transactions with Claredi Corporation. We will continue to upgrade our interfaces as new versions (4050, 5010, etc.) are adopted.

Privacy

The Standards for Privacy of Individually Identifiable Health Information were finalized on April 14, 2001. The compliance deadline was April 15, 2003. Passport Health Communications demonstrates a firm commitment to privacy and confidentiality by protecting confidential information from inappropriate access and disclosure. Each person working at Passport is responsible for protecting confidential information and preserving the privacy of subscribers, clients, and employees. Each employee signs a confidentiality and non-disclosure document stating that he or she will preserve confidentiality in conversations and in the handling, copying, faxing, and disposing of protected health information. Only persons with an officially-granted account may access Passport computer systems and networks, and all require passwords. Each person is liable for all activity occurring under his or her account. Passport has finalized the required privacy policies and procedures to meet the privacy guidelines established in the regulations. The Passport workforce has received privacy training and will continue to receive on-going training as needed.

Security

The Standards for Security and Electronic Signatures were finalized on February 20, 2003. The compliance deadline was April 21, 2005. The general intent of the security regulations is closely aligned with the existing design of Passport systems and with our existing security measures and processes. The Passport security model establishes the appropriate safeguards to protect electronic health care information that may be at risk. Passport protects an individual's health information while permitting the appropriate access and use of that information which ultimately promotes the use of electronic health information in the industry. Specific documents addressing Passport's current security processes and procedures are available through Passport Sales or Customer Support. Passport's security policies and procedures meet the security guidelines established in the HIPAA regulations. The Passport workforce has received security training and will continue to receive on-going training as needed.
 

Identifiers

The Standards for a National Standard Employer Identifier and a Health Care Provider Identifier will not present a problem for Passport, since they will be treated by our system as just another identification number for each of these entities. The X12 transactions will readily accept these identifiers.

Passport HIPAA Contact