 |
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires health insurance carriers to meet a variety of new regulations over the next several years regarding areas such as electronic transactions, the privacy of patient information and data security.
Below is the current status of VSP compliance efforts regarding each HIPAA regulation that affects our organization. Additional information about VSP's HIPAA compliance efforts can be found on our Web site.
Transactions
VSP became compliant with the Transaction Rule effective October 16, 2003.
| HIPAA Standard | VSP Status |
| Administrative Simplification Compliance Act (ASCA) extension | VSP filed for the extension to the Transaction Standard Rule on May 30, 2002. VSP has obtained an extension that covers all vision care benefit plans administered by VSP for its clients. |
| 834 Enrollment and Disenrollment transaction to provide enrollment data, including subscriber, dependent and employer information | VSP is currently trading the 834 Enrollment transaction in the HIPAA compliant version 4010. An Implementation Guide and Connectivity Guide are available upon request. |
| 837 Encounter Reporting transaction, originating with a health plan and provided to another health plan for the purpose of reporting healthcare encounter information | VSP is currently trading the 837 Encounter Reporting transaction and is Claredi-certified as having the capability to send an outbound 837 Healthcare Claim: Professional (Encounter) transaction. Claredi's Internet site, www.claredi.com, contains an explanation and details of the certification. VSP has contacted the affected clients confirming availability and readiness to schedule testing. |
| 820 Health Plan Premium Payment transaction, enabling employers and plan sponsors to make premium payments to health plans | VSP has completed the 820 Premium Payment transaction development. VSP conducted client pilot testing and will respond to client requests to trade. |
| Use of a clearinghouse for standard transactions. | VSP will be utilizing the services of our clearinghouse, Eyefinity, to facilitate transactions between VSP and its doctors. |
Privacy
VSP became compliant with the Privacy Rule effective April 14, 2003.
| HIPAA Regulation | VSP Status |
| Privacy Officer | VSP has appointed a Privacy Officer responsible for administering all VSP privacy policies, processes and training programs. |
| Notice of Privacy Practices (NPP) | VSP distributed its Notice of Privacy Practices to all self- administered plan clients during the month of March 2006. An electronic version of our NPP is available on our website at https://www.vsp.com/home/html/privacy.js. |
| Use and Disclosure of Protected Health Information (PHI) | Protected health information will only be used only for the purposes of treatment, payment, healthcare operations, or as otherwise required or permitted by law. |
| Business Associate Agreements (BAA) | VSP has developed a comprehensive list of all business associates and is implementing a BAA with each vendor or contractor that has access to PHI. |
| Minimum Necessary use of information | VSP has researched all disclosures to business associates to confirm that we are providing only that information which is necessary for the intended purpose. |
| Privacy Complaint Process | VSP has developed a process by which any VSP member may submit concerns about VSP's privacy policy. |
| Designated Medical Record Set | VSP has developed a designated record set. This designated record set contains data about the benefits and services a member has received. |
| Access to Protected Health Information (PHI) | VSP has developed and implemented a designated record set which can be provided to members upon request. VSP members may request a copy of their Protected Health Information (PHI) in VSP's Designated Medical Record set by calling Member Services or by accessing vsp.com. |
| Right to Request a Restriction of or Amendment to PHI | VSP has developed and implemented the processes necessary to support and respond to a member's request to request a restriction of or an amendment to PHI. Members may request a restriction or an amendment by calling Member Services. |
| Use of PHI for Marketing | VSP will not use protected health information for marketing purposes. |
Security
VSP became compliant with the Security Rule effective April 21, 2005.
| HIPAA Regulation | VSP Status |
| Security Officer | VSP has appointed a Security Officer responsible for administering and monitoring all VSP security functionality and policies. |
| Develop formal procedures addressing Administrative, Physical and Technical Security Services and Technical Security Mechanisms. | VSP has developed formal procedures addressing administrative, physical, and technical security services and technical security mechanisms. All members of VSP's workforce, including, but not limited to, employees, contingent workers, vendors, Board Members, and medical consultants receive training. |
|
|
|
