Practice Management Alert

HIPAA Cheat Sheet for Billing Offices

Published on Sat Feb 01, 2003

For your practice to meet HIPAAcompliance, each employee has to pull her share of the work. Billers have their own tasks for meeting compliance. Teena George, a certified HIPAAspecialist and owner of Humboldt Medical Solutions, provides the checkpoints on this cheat sheet for billing-office managers and billers who need to meet HIPAAprivacy and security compliance. Lock your offices. Lock your filing cabinets. Lock your faxes in authorized offices and use privacy statement fax cover pages. On your computer monitors, keep a security screen saver, accessible only by a password that a few select members in the office know, and put a timer on it so it will deactivate in 1 to 3 minutes. Turn your computers away from heavily trafficked areas. Inform your staff members of HIPAA. Sign your business-associate contracts (see article 6). Reduce the amount of people who look at patient files. Make sure cleaning crew can't access the files. Specify office positions that do and don't deal with patient files in a meeting with employees. Instruct physicians to look only at files of the patients with whom they're consulting, assisting or providing patient care. Refrain from speaking about patient information to people who don't need it to do their jobs. Everyone in the office is on a "need-to-know basis only," she states. To find out more about how your office can reach HIPAAcompliance, check out this Web site: http://pages.prodigy.net/hummed/index.html. Privacy Policy for Patients,Employees You want patients to know you're taking care of HIPAAwhen you transfer patient information to payers. Create a policy to guarantee them that mum's the word their information isn't going to anyone who is not supposed to see it

George's staff gives patients a form that outlines their privacy. The easy-to-understand one-page letter lets patients know that:
personal patient information is being shared on a need-to-know basis only. personal patient information is shared only if medical staff need the information to do their jobs or if a medically or legally serious situation arises. a full copy of the entire office privacy policy is available on demand if patients want more information. Make sure your patients sign the privacy form, says Stacy Burnett, at Medical Practice Management P.C. in Beaverton, Ore. And make a copy for the patient. (Store the original in your patient's file, George adds.)

You should also retain the patient-signed form in the patient's medical chart, Burnett says. To do this, you can make the privacy notice a two-part copy, with the yellow copy underneath as proof the patient received and signed the notice, Burnett says. "It's a little more expensive, but the peace of mind is worth it."

Update the form, and have the patient re-sign it every six months [...]

You’ve reached your limit of free articles. Already a subscriber? Log in.

Not a subscriber? Subscribe today to continue reading this article. Plus, you’ll get:

Simple explanations of current healthcare regulations and payer programs
Real-world reporting scenarios solved by our expert coders
Industry news, such as MAC and RAC activities, the OIG Work Plan, and CERT reports
Instant access to every article ever published in your eNewsletter
6 annual AAPC-approved CEUs*
The latest updates for CPT®, ICD-10-CM, HCPCS Level II, NCCI edits, modifiers, compliance, technology, practice management, and more

*CEUs available with select eNewsletters.