HIPPA, Healthcare Insurance Portability And Accountability Act: Part 1
First introduced in 1996, it created guidelines governing employee benefits, fraud, security of patient information, and electronic transactions involving billing and claims processing. In 1999, it was amended to also address Internet security and electronic signatures. Then in 2001, the Bush Administration approved HIPAA with a 24-month implementation period in phases for full compliance by providers. The categories of regulation and compliance include transaction standards, code sets, health care identifiers, electronic signatures, physical security, and privacy issues.
Each category will take effect on different dates during that 24-month period.
Covering Your Bases
Covered entities include: health plans, billing services, and all health care providers engaging in electronic transmission of claims, payment, and insurance. Included are business associates, other doctors in your office, and contract workers or independent contractors. All Complementary Alternative Medicine (CAM) providers will also need to comply. With the growth of CAM and an increase in fraud, CAM providers will especially be targeted for HIPAA compliance. If you are a covered entity, it is important that you protect medical records or face the consequences of HIPAA law.
Entities covered by the privacy and security regulations of HIPAA will face many hurdles, some of which could be very costly. You may be required to pay for risk assessment to identify areas of noncompliance and physically redesign your office for compliance as it relates to securing records. You will definitely have to update your computer with HIPAA compliance software. A word of warning here-make sure to buy HIPAA compliance software and know the vendor. To date, there are very few, if any, software programs on the market that will allow you to become HIPAA compliant, and when available, may be extremely expensive. Also, you will have to train your staff and periodically re-train them and change office procedures and how you store records. Make sure to retain an attorney familiar with HIPAA regulations to guide you. Although you may not have a computer and therefore do not bill electronically, you must still comply with HIPAA in all other areas. Electronic billing will become the way to do business with all insurance companies, who will also need to be compliant with HIPAA. If you are not, compliant, then your claims may not be paid or even allowed to be submitted other than electronically. Insurance contract plans have certain guidelines for participation on the panels. If these guidelines, one of which may be HIPPA compliant, are not met, then you will not be allowed to take part. On the insurance panel.
As a covered entity, there will be increased paperwork in the areas of medical consents,
written patient authorizations, privacy notices-posted and given to patients, and creation of policy and procedures covering disclosure of treatment by you, any other contract worker, independent worker or associate doctor in your office.
Consent forms for treatment must also include HIPAA language as to treatment, payment, or other provider services. Although consent to treat and authorizations may be on a single form, it must be signed separately. Authorizations must be signed by the patient if the provider uses patient information for purposes other than treatment.