Solutions Medical Billing Inc.
HIPAA And How It Will Affect Your OfficeThe following information was compiled to help you better understand the HIPAA and to assist your office in becoming compliant. The information was obtained from a variety of sources and is not intended to be legal advice. If you are having difficulty understanding any portion of the regulations you should consult your legal counsel.
Section 1: What is the Health Insurance Portability And Accountability Act?
HIPAA stands for The Health Insurance Portability And Accountability Act. It was enacted by the federal government in 1996 as part of a health care reform effort. HIPAA is intended to ensure confidentiality of all patient related health care information. It also intends to simplify the administrative processes of health care, thereby reducing the costs and administrative burdens of health care. One thing to remember is that the HIPAA Act uses the word reasonable several times. You and your office staff must do whatever reasonable to protect your patient's privacy. For instance, smaller medical offices do not have to take the same privacy measures as large hospitals do. That would not be reasonable.
Also, there are no privacy police. No one is going to come in and inspect your office randomly. Someone must file a complaint first. The complaints will be handled by the Office of Civil Rights. If someone puts in a complaint, then it will be investigated. The fines are very high, so you will want to be sure that your office has good privacy practices and that they are followed all of the time.
Another thing to keep in mind is that the type of your practice may determine the level of privacy that you need to acquire. For example, patients in an optometrist's office may not be as concerned about people knowing they are there, as opposed to patient's in a mental health office.
There are several different components of HIPAA, each one having its own implementation date. Section 2: The Privacy Component : implementation date: April 2002
Section 3: Administrative Simplification:
compliance date: October 2002 A one year extension
to this compliance date can be requested by filing a form with the
Department of Health and human Services by
10/16/02. This component
requires the standardization of data transmissions, or EDI, and
procedure/diagnosis codes. As for the standardization of procedure/diagnosis codes,
this just means that you must use CPT-4 codes for procedure codes and
ICD-9 codes for diagnosis codes.
Section 4: Security Component: no implementation date set yet This component requires that health care professionals, Billing Services, and clearing houses take appropriate security measures to assure that health information pertaining to an individual remains secure and is not accessible by others.
Things to consider:
Section 5: Privacy Officer
All offices must designate a mandated privacy officer. This person would be responsible for making sure all staff are HIPAA trained and that privacy policies are typed up and followed. They would also be the person that staff members or patients could go to with any concerns or questions about HIPAA compliance. Even if you are a very small practice, you MUST have someone designated as the privacy officer. It may even be the Doctor herself.
Section 6: Release of Patient Information/Consent
You need to have the patient's written consent in order to release any of their records/information. (Exception: If request is due to immediate/urgent care of patient.)
You should review your current consent and authorization forms to make sure they are HIPAA compliant. HIPAA requires you to obtain consent for the use and disclosure of information from each of your patients. You may refuse to treat patients who will not sign the consent form.
Section 7: Unique Identifiers: No implementation date set yet
HIPAA will mandate the use of unique identifiers. More to come on this component. Most likely you will have one national provider number, instead of a different provider number for each insurance company.
Section 8: Policies and Procedures Required by HIPAA
2. Prevent access to protected health information by unauthorized persons.
3. Ensure that the minimum necessary amount of information is released for routine disclosures (only release information pertaining to what is requested, not the patient's entire file.)
4. Verify the identity of the requester of information.
5. Provide patients access to their records, the opportunity to request corrections, and access to and accounting of disclosures.
6. Every office must have written policies regarding privacy practices.
Evaluate your physical office for potential privacy and security risks. One of the best things that you can do to become ready for HIPAA is to walk through (better yet - have someone else walk through) your office as if you are a patient. Look around at EVERYTHING. What do you see? Do you see any personal patient information, charts in full view? Start right from the front door, and go through every room in your office, especially the rooms that patients have access to. Then continue to do periodic checks to ensure ongoing compliance.
Make sure that you have written policies regarding any privacy practices, such as removing charts from the office, faxing patient information, reviewing any complaints from patients, etc. Also, make sure you designate a privacy officer.
Remember to train any/all new employees regarding HIPAA policies. You should also review your current HIPAA policies regularly.
Return to home page from HIPAA
Copyright 2005-2019 Solutions Medical Billing Inc.