Tame the HIPAA Beast
Published on Tue Apr 01, 2003
You can run, but you can't hide: The HIPAA deadlines are fast approaching. Don't let the high cost of procrastination cripple your practice's billing office - act now.
Every employee in a billing office covered by the Health Insurance Portability and Accountability Act needs to know how HIPAA will change practice policies. Your office's processes, from patient encounters to charge submissions, will change under the healthcare legislation.
Only a few employees will be responsible for creating and enacting new practice policies and educating your workforce about HIPAA, but all employees should have HIPAAtraining and understand how the reg affects the jobs they do in your organization. Whether you're the office manager or the new biller on the block, knowing is half the battle. So ramp up on your office's HIPAA compliance policies to be sure not to violate them.
Office managers should begin the HIPAA compliance project now, if they haven't already. "Procrastination is dangerous," warns Neil Caesar, an attorney with the Greenville, S.C.-based Health Law Center. With expensive penalties for violations, you're looking at a costly consequence for HIPAAnoncompliance, he warns. Medicare could impose sanctions on submitting claims, for example, if it finds your office noncompliant.
Your office should have compliance policies, applicable to all departments, for HIPAA's regulations by the deadlines listed below.
April 14, 2003: deadline for enforcing the Privacy Rule. HIPAA's privacy provisions create national standards for protecting patient medical records and other health information. To read more on the rule, go to http://www.hhs.gov/ocr/hipaa/index.html#Initial%20Guidance.
April 14, 2003: deadline for the business associate agreements for contracts created, or renewed or amended after Oct. 15, 2002. Covered entities (physician practices, organizations, and companies required to comply with HIPAA) must execute contracts with business associates to ensure the protection of protected health information (PHI) as it is transferred out of the covered entity. A business associate is an entity or person who on behalf of a covered entity performs or assists in performing a function or activity involving the use or disclosure of PHI, Caesar says.
April 14, 2004: deadline for the business associate agreements for contracts that were in existence prior to Oct. 15, 2002, and have not been renewed or amended since then or prior to April 14.
Make sure you know your HIPAAstatus before you start compliance efforts. To find out how HIPAArelates to your office, visit this Web site: http://www.cms.hhs.gov/hipaa/hipaa2/support/tools/decisionsupport/default.asp.
Ensure Compliance
If you're the office manager in charge of revamping office policies, these tips will help you achieve HIPAA compliance in your billing department. And even if you're not a manager, you're responsible for following the policies, so every employee should heed this advice.
Don't bother learning every HIPAA detail, Caesar says. HIPAA requires only that practice and office policies not violate the rules. You are not required to explore the "minutiae" in the regulations, including alternatives and variations that bulk up the HIPAA commentary, he says. This advice will keep you from wasting time, especially if you're assessing your privacy policy plans. For example, suppose that when you review your protection of confidential patient information, you notice that one of your patient's important documents containing sensitive information is out on a desk, visible to everyone. HIPAA requires that you guard this information and secure it with people who either need access to the information or maintain records. Instead of discussing the sundry suggestions HIPAA has for fixing the problem, just make sure you implement a written policy that keeps patient documents private within the medical charts or with the people who need them, Caesar says.
If it ain't broke, don't fix it. If your business policies protect patient information and secure transactions, you may already be in line with HIPAA guidelines, so don't overhaul your entire system just yet.
HIPAA compliance requires "taking the rules that we have always wanted in place and putting them in writing," according to Karen Gulsrud at Medical Solutions Group. Even if your office ends up needing more than Gulsrud's quick-fix recipe, you can rest assured - HIPAA compliance doesn't have to be a Herculean task. Instead of starting from scratch, review the policies you have already and make sure they comply with HIPAA privacy requirements. Then fix what doesn't comply, Caesar says.
Beware of false information. When it comes to HIPAA compliance advice, especially for the privacy rules, many companies disseminate false information. Don't listen to companies when they tell you to install pricey computer programs and expensive guideline plans. Visit state Web sites instead, or Web sites of trusted companies.