Horizon (and its affiliated covered entities) is considered a health plan under federal law and a covered entity under the Health Insurance Portability and Accountability Act of 1996, Pub. L. 104-191 (HIPAA). This means that Horizon is subject to the administrative simplifications requirements of HIPAA, including its regulations on electronic standard transactions and code sets, privacy, security and National Provider Identifier (NPI) – just as you are, if you or your business associates on your behalf, engage in electronic health coverage transactions, such as for medical claims or encounter submissions.
You are responsible for complying with all applicable state and federal laws and regulations regarding the privacy and security of medical records and other individually identifiable (protected) health information, which Horizon calls Private Information. In addition, for those hospitals, facilities, physicians and other health care professionals which are covered entities under HIPAA, that includes the obligation to comply with the privacy and security requirements of HIPAA, its NPI requirements and many of its other rules.
The federal rules generally allow you to use and disclose Private Information without an authorization from your patient for treatment, payment and health care operations (TPO), as well as for a number of other permissible purposes. This includes uses and disclosures made for the TPO purposes of other covered entities, like Horizon (with limited exceptions).
If you have questions in reference to HIPAA, we suggest that you contact HIPAA consultants and/or attorneys.