
 



HIPAA Compliance Readiness Statement

Overview

The Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 ("HIPAA"), was passed by Congress with the intent to reform the insurance market and simplify health care administration. Specifically, the HIPAA Administrative Simplification is aimed at reducing the costs and administrative burdens of health care by adopting and requiring the use of standardized, electronic transmission of administrative and financial transactions. The Administrative Simplification also imposes requirements for the protection of private health information.

As a covered entity, as defined by HIPAA sections 160.102 and 160.103, Office Ally is dedicated to attaining HIPAA compliance by the deadlines provided by the regulation.

Furthermore, as a clearinghouse, Office Ally welcomes the opportunity to play a strategic role in the implementation of HIPAA and to assist providers of all sizes and all levels of technology in their efforts to reach and sustain HIPAA compliance.


Definitions

Covered Entity
     45CFR160.103

Covered entity means one of the following:
  1. A health plan.
  2. A health care clearinghouse.
  3. A health care provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter.

Health Care Clearinghouse
     45CFR160.103

Health care clearinghouse means a public or private entity that does either of the following (Entities, including but not limited to, billing services, repricing companies, community health management information systems or community health information systems, and "value-added" networks and switches are health care clearinghouses for purposes of this subchapter if they perform these functions.):
  1. Processes or facilitates the processing of information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction.
  2. Receives a standard transaction from another entity and processes or facilitates the processing of information into nonstandard format or nonstandard data content for a receiving entity.

Compliance deadlines for the Administrative Simplification

  • Submission of compliance extension form for Electronic Health Care Transactions and Code Sets: October 15, 2002
  • Electronic Health Care Transactions and Code Sets compliance date, except for covered entities who have filed the extension and small health plans: October 16, 2002
  • Privacy, all covered entities with the exception of small health plans: April 14, 2003
  • Electronic Health Care Transactions and Code Sets Testing, all covered entities must have started software and systems testing: April 16, 2003
  • Electronic Health Care Transactions and Code Sets, all covered entities who had filed for an extension by October 15, 2003 and all small health plans: October 16, 2003
  • Privacy, small health plans: April 14, 2004
  • Employer Identifier Standard, all covered entities except small health plans: July 30, 2004
  • Employer Identifier Standard, small health plans: August 1, 2005



Office Ally HIPAA Compliance Program

Office Ally has developed a comprehensive HIPAA Compliance Program in order to ensure compliance by the deadlines. This program addresses the Privacy rule as well as the Security Rule (i.e., Administrative, Physical Safeguards, Technical Security Measures and Technical Security Mechanisms). The program is presented below in its various stages of completion:

  • Appointment of HIPAA Compliance Officer: January 1, 2003
  • Filing of Extension form for Electronic Health Care Transactions and Code Sets: October 15, 2003
  • Development of training material: January 13, 2003
  • Gap Analysis: March 14, 2003
  • Disaster Recovery Plan strategy: April 14, 2004
  • Development of translation tools from non-compliant to compliant transactions for all formats currently supported: April 14, 2003
  • Development of translation tools from compliant to non-compliant transactions for all formats currently supported: April 14, 2003
  • Testing with Third Party for ANSI format: October 16, 2002
  • Training session for Office Ally personnel: October 15, 2003
  • Development of Policies and Procedures: April 14, 2004
  • Business Associate Agreement: October 15, 2003



Security and PHI

Protected Health Information (PHI)
     45CFR164.501

Protected health information means individually identifiable health information:
  1. Except as provided in paragraph (2) of this definition, that is:
    1. Transmitted by electronic media;
    2. Maintained in any medium described in the definition of electronic media at §162.103 of this subchapter; or
    3. Transmitted or maintained in any other form or medium.
  2. Protected health information excludes individually identifiable health information in:
    1. Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g;
    2. Records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and
    3. Employment records held by a covered entity in its role as employer.

To ensure protection of PHI, we have built and implemented our security solution with Internet Explorer 5.0+, Windows 2000, SSL, and a proprietary component (AspEncrypt). This tight integration allows us to provide:
  • Authenticated logon
  • Control over access/privileges to personal information
  • Personal Security Identifiers (SIDs)
  • Secure end-to-end transmission of information
  • File integrity

Internet Explorer gives us a secure client-side environment to work in and, through an authenticated logon, allows only valid users to access our services. With Windows 2000, your information is specially protected through industry-standard security mechanisms and policies like the strict 'Principle of Least Possible Privilege' that governs clients' and employees' access to company systems and information. We have incorporated SSL to provide secure end-to-end transmission of data from the client's machine to our network servers. And, to ensure the user's identity, if users are inactive for an extended period of time, the site will log them off and they will need to reenter their Username and Password.

Data is kept secure and private. We secure data files by encrypting and storing them on our servers. By encrypting files, we have significantly reduced the risk of unwanted eyes peering through data. Only our proprietary components have the ability to decipher the encrypted data. This encryption also provides data integrity, which prevents any malicious attempt to manipulate the data that we have received from the submitter. As an added measure for non-repudiation, we track and log all user and employee transactions via Security Identifiers (SIDs). Each user and employee is issued a SID, which uniquely identifies him or her in our system.

It is the policy of Office Ally to encrypt the transmission of all personal or financial Web-based information that is transmitted between our site and your browser. The security standard SSL (Secure Sockets Layer) is used to implement this. SSL is the leading standard for securing World Wide Web transmissions.

The Office Ally website is certified by DigiCert Inc. Users can verify the validity of the certification on the website:

Valid Certificate

Authentic Sites use DigiCert Global CA SSL Web Server Certificates to offer secure communications by encrypting all data to and from the site. DigiCert Inc has checked and verified the company registration documents and the site's registered domain name. This information is included in the SSL certificate that we issue. This enables you to check the site's validity yourself. Always check a site's certificate before entering any sensitive information. Below are the details for OfficeAlly's certificate:
Organization:   OfficeAlly
Domain:   www.officeally.com
Country:   United States
Current Status:   Valid
Valid From:   02/18/2009
Valid Until:   04/04/2011



Transactions

ANSI (American National Standards Institute) is an organization that accredits various standards-setting committees (i.e. ICD-9 and HCPCS). ANSI has accredited a group called X12 that defines EDI standards for many American industries, including health care insurance. Most of the electronic transaction standards mandated or proposed under HIPAA are X12 standards.

Office Ally has successfully tested with a third party vendor and is able to send and receive the following HIPAA compliant transactions:
  • Health Care Claim (837)
  • Health Care Payment/Advice (835)
  • Health Care Eligibility/Benefit Inquiry (270)
  • Health Care Eligibility/Benefit Information (271)
  • Health Care Status Request (276)
  • Health Care Status Notification (277)
  • Health Care Service Review Information (278)
  • Benefit Enrollment and Maintenance (834)
  • Payment Order/Remittance Advice (820)

Office Ally will continue to support non-standard formats (NSF, Print Image, Text files, etc.) after the October 16, 2003 deadline, as provided by the legislation.



Disaster Recovery Plan

The Office Ally site is hosted at Net-fire INC., the second largest server farm in the country. Their state-of-the-art backup and recovery procedures allow them to boast a 99.992% uptime. In addition to the Net-fire backup and recovery procedures, Office Ally has its own backup and recovery procedures, tested the last weekend of every month.

When a provider file is uploaded to the Office Ally website, a copy of the encrypted file is immediately moved to a backup server. Nightly, backup copies of the database are made. We estimate that we could retrieve these copies and be operational within 2 hours if needed. The data that would have been processed after the last backup can be reprocessed and applied to the database within 30 minutes.



Disclaimer and Contact

The above information does not constitute any warranties of any kind and is provided for informational purposes only.

In the event that you need further information, please do not hesitate to contact Office Ally's HIPAA Compliance Officer:

Gloria Chung
Manager
HIPAA Compliance Officer
(866) 575-4120
Fax: (360) 896-2151
Gloria.Chung@OfficeAlly.com

Office Ally
16703 SE McGillivray Blvd. Suite 200
Vancouver, WA 98683
www.officeally.com
support@OfficeAlly.com

© 2008 OfficeAlly.com