Thursday, May 16, 2019

HIPAA and how it will affect your office

This information is intended to help you better understand HIPAA and help your office become HIPAA compliant. It comes from a variety of sources and is not intended to provide legal advice. If you have difficulty understanding any part of the HIPAA regulations, please consult your legal counsel.

First of all, there is no HIPAA police. No one will come to your office to check if you are compliant with HIPAA standards. A complaint must be filed before any action is taken.

What is HIPAA?

HIPAA stands for Health Insurance Portability and Accountability Act. It was enacted by the federal government in 1996 as part of the health care reform effort. HIPAA is designed to ensure the confidentiality of all patient-related health care information. It also intends to streamline administrative procedures for health care, thereby reducing the cost and administrative burden of health care.

One thing to keep in mind is that the HIPAA Act uses the word "reasonable" many times. You and your office staff must do everything reasonable to protect the privacy of your patients. For example, a smaller medical office does not have to take the same privacy measures as a large hospital. That would not be reasonable.

In addition, there is no "privacy police." No one will come in and check your office. Someone must first file a complaint. Complaints are handled by the Office for Civil Rights. If a complaint is filed, it will be investigated. The penalties are very high, so you need to make sure your office has good privacy practices and always follows them.

Another thing to remember is that your practice type may determine the level of privacy you need to provide. For example, patients in an optometrist's office may not care as much about who knows they are patients there as patients in a mental health office would.

HIPAA has several different components, each with its own implementation date.

Section 2: Privacy Components: Implementation Date: April 2002

1. You must do everything possible to protect the privacy of your patients.

2. Patient files and information should be kept in a secure part of the office that is not accessible to other patients.

3. You should not leave charts lying around open where someone can read them.

4. If you are making a call to or about a patient, you need to do it from an area where you cannot be overheard if you are giving out personal information. For example, if you call their insurance company and state the patient's name, date of birth, ID number and/or diagnosis, others in the waiting room may be able to hear you.

5. If a patient's chart is removed from the office, you need a policy for it. For example, you should have a sign-out form that records the patient's name, date, what was pressed, and the chart should then be signed back in when it is returned.

6. If a chart is removed from the office, it should be marked "Confidential - Medical Record". That way, if you are involved in an accident or are separated from your bags for any reason, the authorities and medical staff will protect the information for you. Or at least you will have done everything reasonable to protect this information.

7. If a computer screen is in a location where patients can view it, you may need to move it or get a screen cover. A screen cover allows the screen to be read only from directly in front of it.

These are just a few things to consider when complying with the HIPAA standard. Each office will have its own areas to review. These are many of the common ones.

Section 3: Administrative Simplification: Compliance Date: October 2002

This component requires standardized electronic data interchange (EDI) and standardized procedure/diagnostic codes.

As for the standardization of procedure/diagnostic codes, this means that CPT-4 codes must be used as the procedure codes and ICD-9 codes as the diagnostic codes.

As for the standardization of EDI, this refers to your electronic billing. To submit a claim electronically, you must submit it in a HIPAA-compliant format.

Section 4: Security Components: Implementation Date Not Set

This section requires health care professionals, billing services, and clearinghouses to take appropriate security measures to ensure that personal health information is kept safe and not accessible to others.

Things to consider:

Where is your fax machine? Is it in a place where only office staff can access incoming faxes, 24 hours a day? When you are out of the office [after office hours], can anyone else access your fax machine?

Whenever you fax personal information about a patient, you should use a cover page with a confidentiality notice. The notice should state that the fax that follows contains personal medical information, and that if it was received by anyone other than the intended recipient, the fax should be destroyed and you should be notified that it was received in error.

Do you hire cleaning staff? Are they in the office while you are out? Can they access patients' personal information? You may want to ask them to sign a confidentiality statement.

Do you rent your office? If so, can your landlord enter it? Will they enter your office when you are not present? If they do, you may want them to sign a privacy statement.

By asking anyone who has access to your office to sign a confidentiality statement, you are making a reasonable effort to protect the privacy of your patients. It is not always reasonable to never allow anyone to access an area that contains private information. If these people sign the agreement and then break it, you will not be held responsible.

If you do any business by email, you will need to use an encryption service. This will ensure that if someone intercepts your emails, they will not be able to read them.

Section 5: Privacy Officer

All offices must designate a "Privacy Officer". This person will be responsible for ensuring that all employees receive HIPAA training and that the privacy policy is written and followed. They are also the person staff or patients can bring any questions or concerns about HIPAA compliance to. Even if you are a very small practice, you must have someone designated as the privacy officer. It might even be the doctor themselves.

Section 6: Patient Information / Consent Release

You will need to obtain written consent from the patient to release any of their records/information.

[Exception: if the request is due to immediate/emergency care of the patient.]

You should review your current consent and authorization forms to ensure they are HIPAA compliant. HIPAA requires you to obtain consent to use and disclose information from each of your patients. You can refuse treatment for patients who do not sign the consent form.

Section 7: Unique Identifier: Implementation Date Not Set

HIPAA will enforce the use of unique identifiers. More information on this component is still to come. You will most likely have one national provider number instead of a different provider number for each insurance company.

Section 8: Policies and procedures required by HIPAA

1. Identify employees who need access to protected health information.

2. Prevent unauthorized people from accessing protected health information.

3. Ensure that only the "minimum necessary" amount of information is released for routine disclosures [only information related to the request is released, not the patient's entire file].

4. Verify the identity of the information requester.

5. Provide patients with access to their records, an opportunity to request corrections, and an opportunity to access the record of disclosures.

6. Each office must have a written policy on privacy practices.

Summary

Assess your physical office for potential privacy and security risks. One of the best things you can do to "prepare" for HIPAA is to walk through your office [better yet, have someone else do it] as if you were a patient. Look around. What do you see? Do you see any individual patient information or charts in full view? Go from the front door through each room in the office, especially the rooms that patients can enter. Then continue to check regularly to ensure continued compliance.

Make sure you have written policies covering your privacy practices, such as removing a chart from the office, faxing patient information, reviewing any complaints from patients, and more. Also, make sure you designate a "Privacy Officer."

Ensure that all employees have received training on HIPAA policies. Remember to train any/all new employees about the HIPAA policy. You should also check your current HIPAA policy regularly.



