International Center for Chiropractic Office Management

"ICCOM, A Leader in Chiropractic Office Management and Compliance Training" 



2013 New HIPAA Rules Issued - Changes Required for Providers and Business Associates


On January 17, 2013, the Office for Civil Rights of the U.S. Department of Health & Human Services ("OCR") issued its long-awaited final rule modifying the HIPAA privacy, security, enforcement, and breach notification rules. The final rules will become effective on March 26, 2013, and compliance will be required by September 23, 2013. The new rules may be viewed in the Federal Register.



Understanding HIPAA

There are 5 parts to the HIPAA Law.

  1. HIPAA Privacy Standards
  2. HIPAA Security Standards
  3. Transactions and Code Sets Standards
  4. Employer Identifier Standards
  5. National Provider Identifier Standard
HIPAA Enforcement Rule
Business Associates
Responding to a Complaint/Complaint Information

The HIPAA Rules apply only to covered entities.  Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information.  If an entity is not a covered entity, it does not have to comply with the HIPAA Rules.

Who Must Comply?

This includes providers such as:

  • Doctors
  • Clinics
  • Psychologists
  • Dentists
  • Chiropractors
  • Nursing Homes
  • Pharmacies

But only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.

HIPAA Privacy: Compliance date, April 14, 2003

The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes. The HIPAA Privacy Rule covers all protected health information, whether paper or electronic.



HIPAA Security:  Compliance date, April 20, 2005

The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information. The HIPAA Security Rule covers electronically stored and transmitted protected health information.


Transactions and Code Sets  Compliance date: October 16, 2003

Transactions are activities involving the transfer of health care information for specific purposes. Under HIPAA, if a health plan or health care provider engages in one of the identified transactions, they must comply with the standard for it, which includes using a standard code set to identify diagnoses and procedures. The Standards for Electronic Transactions and Code Sets, published August 17, 2000 and since modified, adopted standards for several transactions, including claims and encounter information, payment and remittance advice, and claims status. Any health care provider that conducts a standard transaction also must comply with the Privacy Rule.



*The compliance date for upgrading to Version 5010 standards for electronic health transactions was January 1, 2012; CMS enforcement discretion is in place until June 30, 2012.

*October 1, 2014, ICD-10 Code Sets for medical diagnosis and inpatient procedures

Employer Identifier Standard Compliance date, July 30, 2004

HIPAA requires that employers have standard national numbers that identify them on standard transactions. The Employer Identification Number (EIN), issued by the Internal Revenue Service (IRS), was selected as the identifier for employers and was adopted effective July 30, 2002. 


National Provider Identifier Standard Compliance date, May 23, 2007

HIPAA requires that health care providers have standard national numbers that identify them on standard transactions.  The National Provider Identifier (NPI) is a unique identification number for covered health care providers. Covered health care providers and all health plans and health care clearinghouses use the NPIs in the administrative transactions adopted under HIPAA. The NPI is a 10-position, intelligence-free numeric identifier (10-digit number). This means that the numbers do not carry other information about healthcare providers, such as the state in which they live or their medical specialty. 



The HIPAA Enforcement Rule

The HIPAA Enforcement Rule contains provisions relating to compliance and investigations, the imposition of civil money penalties for violations of the HIPAA Administrative Simplification Rules, and procedures for hearings.  The HIPAA Enforcement Rule is codified at 45 CFR Part 160, Subparts C, D, and E.

Passed as part of the American Recovery and Reinvestment Act of 2009, the HITECH Rule (The Health Information Technology for Economic and Clinical Health Act) allowed for stricter enforcement and higher penalties under HIPAA.

Business Associates

The HITECH Act of 2009 expanded the responsibilities of business associates under the Privacy and Security Rules. HHS is developing regulations to implement and clarify these changes.


Responding to a complaint 



If a patient comes to you stating they want to file a complaint against you, you must facilitate their ability to do so.  This is all you need to do.  Print this form and hand it to them.  COMPLAINT INFORMATION

If you receive a letter from the Regional Office of OIG, cooperate with them. At the moment they are working diligently with doctors to help them get into compliance. I do not know when that will end. The following letter is an actual letter that was received by one of my doctors.

Investigation Letter (Page1)

Investigation Letter (Page2)
