• Does HIPAA make you want to turn the other way and retreat to your office?

  • All Things HIPAA

    HIPAA? How many of you break out in a cold sweat, turn the other way and run, or retreat to your office- shutting the door quickly?  Let’s face it, anyone handling Protected Health Information (PHI) and electronic Protected Health Information (ePHI) must adhere to the Security and Privacy Rules of HIPAA. (Health Insurance Portability and Accountability Act). When HIPAA compliance is in place as part of your operational and patient service strategy, you will operate as a reliable and effective organization while meeting the HIPAA requirements.
    Complying with HIPAA is not optional or a luxury, every entity in which handles PHI, must meet their HIPAA responsibilities. HIPAA can affect many aspects of your medical entity:

    1. Failure to maintain the integrity of your office notes could result in unsubstantiated billings and refunds from your practice to payers.
    2. Poor compliance with HIPAA privacy and/or security could severely undermine your defense claims should you have a claim of medical professional liability.
    3. Insurance auditors, quality reviews and other reviews of you patient records will depend on your practice efforts to protect the integrity of patient information.
    4. Applying for RAC Insurance requires a Risk Assessment of all policies and procedures.

    In addition to the points that were already discussed, did you know?

    • The Office of Civil Rights (OCR) is a self-funded government agency? To explain what this means to you, their annual budgets is built around the amount of fines that they are able to generate.
    • The OCR has a user friendly website, in which a disgruntled patient can file an OCR compliant against a covered entity should they feel that their rights have be violated.
    • The OCR shares as well. If the OCR does find wrong doing after their investigation, the person who submitted the complaint is provided a share of the monetary fine.
    • OCR audits are conducted by contractors.
    • You have 15 days to respond to the requested information from the OCR.
    • The timeframe from start to finish for an OCR investigation; can take up to two years. Two years of consultants, attorneys, auditors and accountants, funded by the covered entity, not the OCR, to defend against an OCR claim.
    • The OCR is moving to joint agency investigations and layering the dollar amounts for the fines.

    HIPAA compliance is not a single task that you get to check off and you are done. HIPAA compliance requires constant vigilance and adjustments to your operations and underlying policies and procedures according to practice changes that affect HIPAA.

    Judith Lindsay, owner of JAL Consulting & Associates tackles all the elements of the HIPAA compliance puzzle, successfully assisting covered entities to make sense of it all, implementing the correct policies and procedures that are reasonable and appropriate for their entity.  In addition to this monthly newsletter, Judith has authored a 2015 comprehensive and customizable compliance manual that will be launching June 1st 2015. The manual contains procedures, policies, staff training and staff testing.