HIPAA

The Health Insurance Portability and Accountability Act is a federal law that establishes national standards for protecting sensitive patient health information and regulating electronic healthcare transactions.

HIPAA is the Health Insurance Portability and Accountability Act, passed in 1996. If you work in healthcare, HIPAA touches practically everything you do, from how you store patient records to how you bill insurance to how you communicate with other providers. For credentialing specifically, HIPAA is relevant in two major ways. First, it created the requirement for the NPI system. Before HIPAA, there was no universal provider identifier. Every payer used their own numbering system, which made tracking providers across different payers incredibly difficult. HIPAA mandated a single, universal identifier, which became the NPI. Second, HIPAA's Privacy Rule and Security Rule govern how your credentialing information is handled. When you submit your personal data, professional history, and financial information through a credentialing application, that data is protected. Payers and CVO organizations are required to safeguard your information and can only use it for the stated purpose. In practice, every provider needs to complete HIPAA compliance training and be prepared to demonstrate their compliance during credentialing. Some payer applications ask about your HIPAA training, your office's privacy practices, and whether you have a designated privacy officer. HIPAA violations carry significant penalties. Civil penalties range from $100 to $50,000 per violation, with an annual maximum of $1.5 million per violation category. Criminal penalties can include fines up to $250,000 and imprisonment. These are not theoretical. The Office for Civil Rights actively investigates complaints and issues penalties. The bottom line: HIPAA compliance is not optional, and payers will ask about it during credentialing. Make sure your training is current and your practice has proper privacy and security policies in place.