Practice Management Alert

Tame the HIPAA Beast

You can run, but you can't hide: The HIPAA deadlines are fast approaching. Don't let the high cost of procrastination cripple your practice's billing office. Start acting now.

Every employee in a billing office covered by the Health Insurance Portability and Accountability Act needs to know how HIPAA will change practice policies. Your office's processes, from patient encounters to charge submissions, will change under the monolithic healthcare legislation.

Only a few employees will be responsible for creating and enacting new practice policies and educating your workforce about HIPAA, but all employees should have HIPAA training and understand how the reg affects the jobs they do in your organization. Whether you're the office manager or the new biller on the block, knowing is half the battle. Ramp up on your office's HIPAA compliance policies so you're sure not to violate them.

Office managers should begin the HIPAA compliance project now, if they haven't already. "Procrastination is dangerous," warns Neil Caesar, an attorney with the Greenville, S.C.-based Health Law Center. With expensive penalties for violations, you're looking at a costly consequence for HIPAA noncompliance, he says. Medicare could impose sanctions on submitting claims, for example, if it finds your office noncompliant.

Your office should have compliance policies, applicable to all departments, for HIPAA's regulations by the deadlines listed below.

  • April 14, 2003: deadline for enforcing the Privacy Rule. HIPAA's privacy provisions create national standards for protecting patient medical records and other health information. To read more on the rule, go to http://www.hhs.gov/ocr/hipaa/index.html#Initial%20Guidance.
  • April 14, 2003: deadline for the business-associate agreements for contracts created, renewed or amended after Oct. 15, 2002. Covered entities (physician practices, organizations, and companies required to comply with HIPAA) must execute contracts with business associates to ensure that protected health information (PHI) stays protected as it is transferred out of the covered entity. A business associate is an entity or person who, on behalf of a covered entity, performs or assists in performing a function or activity involving the use or disclosure of PHI, Caesar says.
  • April 14, 2004: deadline for the business-associate agreements for contracts that were in existence prior to Oct. 15, 2002 and have not been renewed or amended since then or prior to April 14.

Make sure you know your HIPAA status before you start compliance efforts. To find out how HIPAA relates to your office, visit this Web site: http://www.cms.hhs.gov/hipaa/hipaa2/support/tools/decisionsupport/default.asp.

Ensure Compliance

If you're the office manager in charge of revamping office policies, these tips will help you achieve HIPAA compliance in your billing department. And even if you're not a manager, you're responsible for following the policies, so every employee should heed this advice.

  • Don't bother learning every HIPAA detail, Caesar says. HIPAA requires only that practice and office policies not violate the rules. You are not required to explore the "minutiae" in the regulations, including alternatives and variations that bulk up the HIPAA commentary, he explains.

    This advice will keep you from wasting time, especially if you're assessing your privacy policy plans. For example, say you review your protection of confidential patient information and notice that one of your patient's important documents containing sensitive information is out on a desk, visible to everyone. HIPAA requires that you guard this information and secure it with people who either need access to the information or maintain records.

    Instead of discussing the sundry suggestions HIPAA has for fixing the problem, just make sure you implement a written policy that keeps patient documents private within the medical charts or with the people who need them, Caesar says.
  • If it ain't broke, don't fix it. If your business policies protect patient information and secure transactions, you may already be in line with HIPAA guidelines, so don't overhaul your entire system just yet.

    HIPAA compliance requires simply "taking the rules that we have always wanted in place and putting them in writing," says Karen Gulsrud at Medical Solutions Group.

    Even if your office ends up needing more than Gulsrud's quick-fix recipe, you can rest assured HIPAA compliance doesn't have to be a Herculean task. Instead of starting from scratch, review the policies you have already and make sure they comply with HIPAA privacy requirements. Then fix what doesn't comply, Caesar says.

  • Beware of false information. When it comes to HIPAA compliance advice, especially for the privacy rules, many companies disseminate false information, warns Teena George, a certified HIPAA specialist and owner of Humboldt Medical Solutions. Don't listen to companies when they tell you to install pricey computer programs and expensive guideline plans, she states. Visit state Web sites instead, or trusted companies, she says.