CompBenefits Logo
 
Home | Site Map | FAQs
Image
Login to MyCompBenefits.com
HIPAA FAQS FOR PROVIDERS
 
The following information is provided as a courtesy to our providers to address frequently asked questions about The Health Insurance Portability and Accountability Act ("HIPAA") and is not intended to be interpretive or legal advice.

As a provider, do I have to comply with HIPAA?
If you engage in electronic transactions for which standards have been adopted by the secretary under HIPAA, such as electronic billing and fund transfers, then you will be considered a "Covered Entity" under HIPAA and must comply with the Privacy, Security, and Electronic Transaction and Code set requirements.

If you do not engage in electronic transactions for which standards have been adopted by the Secretary under HIPAA, then you will not be considered a "Covered Entity" under HIPAA and will not have to comply with the Privacy, Security, and Electronic Transactions and Code set requirements. However, by virtue of your relationships with health plans, insurers, or facilities, you may be indirectly required through these relationships to comply in whole or in part with the HIPAA requirements.

Do I need to have a Business Associate Agreement with CompBenefits in order to see patients or submit claims?
HIPAA does not require that a Business Associate Agreement be in place for: 1) functions related to treatment; or 2) when a health care provider discloses protected health information to a health plan for payment purposes; or 3) when the health care provider simply accepts a discounted rate to participate in the health plan's network of providers.

Does CompBenefits have to provide me with written authorization from the patient in order for me to release supporting medical documentation for a claim?
No. Any function that falls under treatment, payment, or health care operations ("TPO") does not require an authorization from the patient in order for protected health information to be released to the plan. Claims are considered "payment."

Does CompBenefits have to provide me with written authorization from the patient in order for me to assist with or provide protected health information for the patient grievance resolution process?
No. Any function that falls under treatment, payment, or health care operations ("TPO") does not require an authorization from the patient in order for protected health information to be released to the plan. Resolution of patient grievances is considered "health care operations."

Does CompBenefits have to provide me with written authorization from the patient in order for me to allow a records review and/or site visit in connection with the credentialing, re-credentialing, or Peer Review process?
No. Any function that falls under treatment, payment, or health care operations ("TPO") does not require an authorization from the patient in order for protected health information to be released to the plan. Credentialing, re-credentialing, and Peer Review activities are considered "health care operations."

Where can I go on the Internet for more help and information regarding HIPAA?
The Centers for Medicare and Medicaid Services ("CMS") has a considerable amount of information regarding HIPAA posted on their Web site, including "HIPAA 101" and information that is specifically geared toward providers. You can find this information at www.cms.gov/HIPAAGenInfo/.

Copyright 2004-2007 CompBenefits Corporation.    Privacy Policy | HIPAA Policy | Terms of Use | Glossary | FAQs | Site Map
Home | About Us | Customers | Products & Services | News | Careers | Your Privacy Choices | Dental Provider Search | Vision Provider Search