Quest Diagnostics 2005 Annual Report Download - page 31

Download and view the complete annual report

Please find page 31 of the 2005 Quest Diagnostics annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 118

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118

any providers are permitted to be donors of e-prescribing or EHR items or services, then all providers should
be entitled to the same protections afforded by the proposed safe harbor and self-referral prohibition exceptions.
We and ACLA, our trade association, are monitoring standards development, proposed legislation and
rulemaking proceedings and we are providing relevant information to policy makers to ensure that issues
important to medical laboratories are reflected in any interoperability standards, HCIT legislation and proposed
regulations.
Privacy and Security of Health Information; Standard Transactions
Pursuant to HIPAA, the Secretary of HHS has issued final regulations designed to improve the efficiency
and effectiveness of the healthcare system by facilitating the electronic exchange of information in certain
financial and administrative transactions while protecting the privacy and security of the information exchanged.
Three principal regulations have been issued in final form: privacy regulations, security regulations and standards
for electronic transactions.
The HIPAA privacy regulations, which fully came into effect in April 2003, establish comprehensive federal
standards with respect to the uses and disclosures of protected health information by health plans, healthcare
providers and healthcare clearinghouses. The regulations establish a complex regulatory framework on a variety
of subjects, including:
the circumstances under which uses and disclosures of protected health information are permitted or
required without a specific authorization by the patient, including but not limited to treatment purposes,
activities to obtain payment for our services and our healthcare operations activities;
a patient’s rights to access, amend and receive an accounting of certain disclosures of protected health
information;
the content of notices of privacy practices for protected health information; and
administrative, technical and physical safeguards required of entities that use or receive protected health
information.
We have implemented practices to meet the requirements of the HIPAA privacy regulations. The HIPAA
privacy regulations establish a “floor’’ and do not supersede state laws that are more stringent. Therefore, we
are required to comply with both federal privacy standards and varying state privacy laws. In addition, for
healthcare data transfers relating to citizens of other countries, we need to comply with the laws of other
countries. The federal privacy regulations restrict our ability to use or disclose patient-identifiable laboratory
data, without patient authorization, for purposes other than payment, treatment or healthcare operations (as
defined by HIPAA) except for disclosures for various public policy purposes and other permitted purposes
outlined in the final privacy regulations. The privacy regulations provide for significant fines and other penalties
for wrongful use or disclosure of protected health information, including potential civil and criminal fines and
penalties. Although the HIPAA statute and regulations do not expressly provide for a private right of damages,
we could incur damages under state laws to private parties for the wrongful use or disclosure of confidential
health information or other private personal information.
The final HIPAA security regulations, which establish requirements for safeguarding electronic patient
information, were published on February 20, 2003 and became effective on April 21, 2003, although healthcare
providers had until April 20, 2005 to comply. We have implemented policies and standards to reasonably and
appropriately comply with the requirements of the regulations.
The final HIPAA regulations for electronic transactions, which we refer to as the transaction standards,
establish uniform standards for electronic transactions and code sets, including the electronic transactions and
code sets used for billing claims, remittance advices, enrollment and eligibility. HHS issued guidance on
July 24, 2003 stating that it would not penalize a covered entity for post-implementation date transactions that
are not fully compliant with the transactions standards, if the covered entity could demonstrate its good faith
efforts to comply with the standards. However, beginning October 1, 2005, CMS no longer processes incoming
non-HIPAA compliant electronic Medicare claims.
Many of our payers were not ready to implement the transaction standards by the October 2003
compliance deadline or were not ready to test or trouble-shoot claims submissions. Since that time, significant
progress has been made in implementing the transaction standards with our payers. As of December 31, 2005,
we are substantially complete with the conversion to the required standard format for our electronic
14