Does HIPAA make you want to turn the other way and retreat to your office?
All Things HIPAA
HIPAA? How many of you break out in a cold sweat, turn the other way and run, or retreat to your office- shutting the door quickly? Let’s face it, anyone handling Protected Health Information (PHI) and electronic Protected Health Information (ePHI) must adhere to the Security and Privacy Rules of HIPAA. (Health Insurance Portability and Accountability Act). When HIPAA compliance is in place as part of your operational and patient service strategy, you will operate as a reliable and effective organization while meeting the HIPAA requirements. Complying with HIPAA is not optional or a luxury, every entity in which handles PHI, must meet their HIPAA responsibilities. HIPAA can affect many aspects of your medical entity:
Failure to maintain the integrity of your office notes could result in unsubstantiated billings and refunds from your practice to payers.
Poor compliance with HIPAA privacy and/or security could severely undermine your defense claims should you have a claim of medical professional liability.
Insurance auditors, quality reviews and other reviews of you patient records will depend on your practice efforts to protect the integrity of patient information.
Applying for RAC Insurance requires a Risk Assessment of all policies and procedures.
In addition to the points that were already discussed, did you know?
The Office of Civil Rights (OCR) is a self-funded government agency? To explain what this means to you, their annual budgets is built around the amount of fines that they are able to generate.
The OCR has a user friendly website, in which a disgruntled patient can file an OCR compliant against a covered entity should they feel that their rights have be violated.
The OCR shares as well. If the OCR does find wrong doing after their investigation, the person who submitted the complaint is provided a share of the monetary fine.
OCR audits are conducted by contractors.
You have 15 days to respond to the requested information from the OCR.
The timeframe from start to finish for an OCR investigation; can take up to two years. Two years of consultants, attorneys, auditors and accountants, funded by the covered entity, not the OCR, to defend against an OCR claim.
The OCR is moving to joint agency investigations and layering the dollar amounts for the fines.
HIPAA compliance is not a single task that you get to check off and you are done. HIPAA compliance requires constant vigilance and adjustments to your operations and underlying policies and procedures according to practice changes that affect HIPAA.
Judith Lindsay, owner of JAL Consulting & Associates tackles all the elements of the HIPAA compliance puzzle, successfully assisting covered entities to make sense of it all, implementing the correct policies and procedures that are reasonable and appropriate for their entity. In addition to this monthly newsletter, Judith has authored a 2015 comprehensive and customizable compliance manual that will be launching June 1st 2015. The manual contains procedures, policies, staff training and staff testing.
Personal Information Collected Online
•Personal Information means personally identifiable information such as information provided via forms, surveys, applications or other online fields including name, postal or email addresses, telephone, fax or mobile numbers, or account numbers.
•Before or at the time of collecting personal information, JAL will identify the purposes for which the information is being collected.
•JAL will collect and use personal information solely for the purpose of fulfilling specific contracted engagements or for other compatible purposes, unless consent is obtained from the company and/or individual concerned or as required by law.
•JAL will retain personal information as long as necessary for the fulfillment of a specific contract or for a specific purpose.
•JAL will collect personal information as deemed lawful and where appropriate with the knowledge and/or the consent of the individual or company.
•Personal data should be relevant to the extent of necessary purposes and should be accurate, complete and up-to-date.
•JAL will protect personal information by reasonable safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
•JAL will make readily available to customer’s information about our policies and practices relating to the management of personal information. Terms and Conditions
JAL is committed to conducting our business in accordance with these principals in order to ensure that the confidentially of personal information is protected and maintained. By accessing this website, you are agreeing and bounded by these Website Terms and Conditions of Use, all applicable laws and regulations. If you do not agree with these Terms and Conditions, you are prohibited from using or accessing this website. The materials contained in this Web Site are protected by all applicable copyright and trade mark laws.
Our Online Notices are subject to change. Please review it periodically. If we make changes, we will revise the “Last Updated” date at the top of this Notice. Any changes will become effective the date the revised Notice is posted on the Site.