What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.
Why do companies have to abide by HIPAA?
Abiding by HIPAA is the law. If an organization secures information on an individual’s behalf or if an organization supplies Private Health Information on an individual’s behalf without direct authorization (verbal or written) from the member or a legally authorized agent, they are in violation of the law and are subject to a $10,000 fine per instance or violation.
How does TouchCare securely store their member’s personal health information?
TouchCare members are welcome to ask questions to our Health Assistants and Billing Specialists via our HIPAA secure portal, via phone, or via our HIPAA secure APP that is available via the app store for IOS and Android devices. Information is not shared with anyone outside of our organization without our member’s direct consent. All documents, questions and information is stored securely for seven years (per legal security requirements aligning with HIPAA security laws).
Are TouchCare employees HIPAA certified?
Yes. As part of our onboarding process, everyone on the TouchCare team is HIPAA certified. Internal HIPAA certifications are renewed annually. Additional training is provided for employees regarding resources and protocol, quarterly.
What does TouchCare require from employees who need our assistance when Health Assistants or Billing Specialists have a need that involves TouchCare contacting health insurance companies or providers on a member’s behalf (doctors / specialists / facilities)?
Carriers (Insurance companies):
In order to secure information on a member’s behalf, TouchCare requires members to complete a HIPAA authorization form. Insurance companies require outside entities (like TouchCare) to use their carrier-specific forms. After the form is completed by the member TouchCare will send the form to the health insurance carrier via the carrier’s preferred method. Some carriers require lengthy processing timeframes. When this is the case, a three-way authorization call might be suggested (between the carrier, the member, and the TouchCare representative) to begin the resolution process while the form is being processed by the carrier. This method is requested in time-sensitive situations.
Providers (Doctors / Facilities / Specialists):
TouchCare has established a simple docusign preauthorization form for members to complete virtually. This form sufficiently allows TouchCare representatives to speak to a provider, facility or private healthcare entity on a member’s behalf. These forms are not accepted by carriers (health insurance companies) per the information stated in this section.
How long are HIPAA authorizations valid once a form has been completed?
HIPAA authorizations are valid for the dates that are specified on the HIPAA authorization form. We advise that members complete the HIPAA authorization allowing TouchCare to speak on their behalf from the beginning of their medical effective date (when their plan year begins), to the end of their medical effective date (when their plan year ends). If a HIPAA authorization has been provided for the member’s full plan year, TouchCare has the ability to contact the carrier for multiple instances without requesting additional HIPAA forms.
Will a TouchCare representative guide members through completion of HIPAA authorization forms?
Of course! Although these forms are fairly self explanatory, TouchCare is always here to assist with any questions our members might have. We recognize this extra step might be frustrating for some and we are here to ease the process as much as possible. We are committed to helping our members every way we can and we are committed to ensuring a safe, secure and compliant process.