Horizon (and its affiliated covered entities) is considered a health plan under federal law and a covered entity under the Health Insurance Portability and Accountability Act of 1996, Pub. L. 104-191 (HIPAA). This means that Horizon is subject to the administrative simplifications requirements of HIPAA, including its regulations on electronic standard transactions and code sets, privacy, security and National Provider Identifier (NPI), just as you are, if you or your business associates on your behalf, engage in electronic health coverage transactions, such as for medical claims or Notice-of-Admission submissions.
Hospitals are responsible for complying with all applicable state and federal laws and regulations regarding the privacy and security of medical records and other individually identifiable (protected) health information, which Horizon calls Private Information. In addition, for those hospitals which are “covered entities” under HIPAA, that includes the obligation to comply with the privacy and security requirements of HIPAA, its NPI requirements and many of its other rules. As you know, the federal rules generally allow you to use and disclose Private Information without an authorization from your patient for treatment, payment and health care operations (TPO) as well as for a number of other permissible purposes. This includes uses and disclosures made for the TPO purposes of other covered entities, like Horizon (with limited exceptions).
If you have questions in reference to HIPAA, we suggest that you contact HIPAA consultants and/or attorneys. Information in this manual is accurate as of the date of publication; however, Horizon may change policies or procedures as required by HIPAA and other regulatory requirements. Horizon will communicate these changes via routine communication vehicles such as our network newsletter, Blue Review, special mailings, HorizonBlue.com/providers, or NaviNet.net.