|  | Login to MyCompBenefits.com |  | | HIPAA FAQs for Providers
The Health Insurance Portability and AccountabilityAct ("HIPAA") Frequently Asked Questions Vision Providers
The following information is provided as a courtesy to our providers to address frequently asked questions about HIPAA and is not intended as legal advice.
As a vision care provider do I have to comply with HIPAA?
If you engage in electronic transactions for which standards have been adopted by the Secretary under HIPAA, such as electronic billing and fund transfers, then you will be considered a "Covered Entity" under HIPAA, and must comply with the Privacy, Security and Electronic Transaction and Code set requirements.
If you do not engage in electronic transactions for which standards have been adopted by the Secretary under HIPAA, then you will not be considered a "Covered Entity" under HIPAA and will not have to comply with the Privacy, Security and Electronic Transactions and Code set requirements, HOWEVER, by virtue of your relationships with health plans, insurers, or facilities, you may be indirectly required by through these relationships to comply in whole or in part with the HIPAA requirements.
Do I need to have a Business Associate Agreement with VisionCare Plan/Primary Plus in order to see patients or submit claims?
No. HIPAA does not require that a Business Associate Agreement be in place for: 1) functions related to treatment; or 2) when a health care provider discloses protected health information to a health plan for payment purposes; or 3) when the health care provider simply accepts a discounted rate to participate in the health plan's network of providers.
Does VisionCare Plan/Primary Plus have to provide me with written authorization from the patient in order for me to release supporting medical documentation for a claim?
No. Any function that falls under treatment, payment or health care operations ("TPO") does not require an authorization from the patient in order for protected health information to be released to the plan. Claims are considered "payment".
Does VisionCare Plan/Primary Plus have to provide me with written authorization from the patient in order for me to assist with, or provide protected health information for the patient grievance resolution process?
No. Any function that falls under treatment, payment or health care operations ("TPO") does not require an authorization from the patient in order for protected health information to be released to the plan. Resolution of patient grievances is considered "health care operations".
Does VisionCare Plan/Primary Plus have to provide me with written authorization from the patient in order for me to allow a records review and/or site visit in connection with the credentialing, recredentialing or Peer Review process? No. Any function that falls under treatment, payment or health care operations ("TPO") does not require an authorization from the patient in order for protected health information to be released to the plan. Credentialing, recredentialing and Peer Review activities are considered "health care operations".
Where can I go on the Internet to get more help and information regarding HIPAA?
The Centers for Medicare and Medicaid Services ("CMS") has a considerable amount of information regarding HIPAA posted on their Web site, including "HIPAA 101" and information that is specifically geared towards providers. You can find this information at http://www.cms.gov/hipaa/hipaa2/default.asp.
|  | |  |  |  | |