trellis health partners - Medical Billing Software and 
Medical Billing Services powered by vera practice control®
Home | Products | Services | Support | About Us | Contact Us | Careers | Sign In
vera practice control trellis billing services trellis consulting services

HIPAA

HIPAA Statement

Trellis Health Partners, Inc. has been a supporter of HIPAA well ahead of compliance deadlines. We have fully embraced the HIPAA standards that bring great efficiency to the healthcare industry.

Security and privacy have always been top concerns for our organization and we continually take steps to ensure our software, networks and policies coincide with privacy laws including the requirements of HIPAA. As per the regulation mandates, we support the national standards for EDI transactions such as ANSI X12 and standardized code sets such as CPT-4 for procedures and ICD-9-CM for diagnosis. Our vera practice control® and vera claim control products support the required ANSI transactions and code sets. With our extensive commitment to research and development, we will continually update our systems to support the required formats and new codes sets such as ICD-10.


This HIPAA statement is not intended to be a legal guide or legal advice. The information contained here is to inform customers and concerned parties about the ongoing actions and steps Trellis Health Partners, Inc. has taken to meet the requirements of HIPAA.

HIPAA Information

The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996 with the goals of health insurance reform and administrative simplification. To accomplish these goals, standards for transmitting health insurance information electronically were established along with requirements for maintaining privacy and security of patients' Protected Health Information (PHI).

For details about the law, visit the following government web site links:

Centers for Medicare & Medicaid Services (CMS) HIPAA information page

Department of Health & Human Services (HHS)/Office for Civil Rights (OCR)

The software that your organization uses cannot alone make you HIPAA compliant. Being "HIPAA compliant" refers to meeting all the requirements of HIPAA. Using HIPAA approved electronic transactions formats and code sets are a portion of being compliant but there are many other requirements related to patient privacy and security procedures. You should seek the advice of a qualified consultant and/or refer to the information provided by CMS and HHS to determine all the steps you need to take to become and remain compliant.


HIPAA Transactions Sets

In response to the HIPAA requirements, Trellis Health Partners, Inc. has created the software products:

vera practice control® and vera claim control™

These products offered by Trellis Health Partners, Inc. are capable of creating and conducting Electronic Data Interchange (EDI) transactions in the ANSI X12 formats as required by HIPAA.

To achieve compliance, you must be sure to use the approved code sets.

Additional information about the transactions and code sets can be found using the following links:

Washington Publishing Company - HIPAA implementation guides


HIPAA Privacy Rule

This portion of the law deals with protecting the privacy of patients' Protected Health Information (PHI). The deadline for following these requirements began on April 14, 2003 (or April 14, 2004 for small health plans), but, unlike the situation with transactions and code sets, there have been no contingency exceptions regarding adhering to the requirements of the Privacy Rule. The Privacy Rule mandates that a HIPAA covered entity must have appropriate policies and procedures for limiting access to information that is considered PHI and when/how PHI can be shared with other parties.

HIPAA ready software like vera practice control® and vera claim control™ can assist in following the Privacy Rule with features like password protected login and encrypted transmission of EDI data. However, the bulk of the steps your organization needs to take involve written policies, employee training and other administrative changes.

Trellis Health Partners, Inc. recommends that you seek the advice of a qualified consultant to determine the policies and procedures you need to become and remain compliant as required by the Privacy Rule.


HIPAA Security

Related to privacy, the Security Rule deals with the requirements for health information stored electronically and the steps a covered entity needs to take to keep patients' PHI secure. The Security Rule compliance deadline is April 20, 2005 (or April 20, 2006 for small health plans).

This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications.

HIPAA ready software like vera practice control® and vera claim control™ can assist in following the Security Rule with features like password protected login and encrypted transmission of EDI data. However, most of the steps your organization needs to take involve securing your facilities and electronic equipment as well as written policies, employee training and other administrative changes.

Following the Security Rule involves consideration of the specifics of your physical location, computer network, handheld devices, wireless devices, Internet connections and all places where the security of PHI must be protected. In addition to policies, training and administrative changes, your compliance will involve security practices considered appropriate to protect PHI such as data firewalls, data encryption, network password policies, and the security of your facility.

The standard does not address the extent to which a particular entity should implement the specific features. Instead, the rule requires that each affected entity assess its own security risks to devise, implement and maintain appropriate security that address its business requirements. How individual security requirements are satisfied is a business decisions that each organization will have to make.

Because security is intertwined with privacy, covered entities must implement security procedures before the deadline. The scope of requirements for the Security Rule are complex ranging from data networks and equipment to securing your physical locations.

Trellis Health Partners, Inc. recommends that you seek the advice of a qualified consultant to determine all the steps you will need to become and remain compliant as required by the Security Rule.




This statement was last updated 3/1/2010. This version replaces and supersedes all previous statements.



home  -  products  -  services  -  support  -  medical billing  -  consulting  -  links  -  about us  -  contact us  -  careers  -  hipaa