here for HIPPA Links
If you are in
the healthcare industry, you have probably
heard some rumblings about the Health Insurance
Portability and Accountability Act of 1996,
coolly referred to as HIPAA. The word is
your medical practice will have to be HIPAA
compliant by April 2003, but you're not
exactly sure what this act mandates or how
to accomplish it.
In very basic terms, HIPAA has two primary
components to which hospitals, health
plans, healthcare "clearinghouses," and
healthcare providers must conform:
simplification, which calls for use of
the same computer language industry-wide;
protection, which requires healthcare
providers to take reasonable measures
to protect patients’ written,
oral, and electronic information.
HIPAA in an effort "to protect the
privacy and security of individually identifiable
health information."1 Additionally,
lawmakers "sought to reduce the administrative
costs and burden associated with healthcare
by standardizing data and facilitating transmission
of many administrative and financial transactions." 1
say the new regulations should save the
healthcare industry money in the long run,
provide improved security of patient information,
and allow patients to have better access
to their own healthcare information.
While the HIPAA regulations call for the
medical industry to reexamine how it protects
patient information, the standards put
in place by HIPAA do not
provide any cookie-cutter answers, says Leah Hole-Curry, HIPAA legal counsel
for FOX Systems, a HIPAA consulting firm. "HIPAA doesn’t necessarily
prescribe the solutions, but it does require physicians to look at all of
the ways that they use and access data today and determine whether that’s
reasonable or not."
To help you begin
your HIPAA compliance process, following
are some practical ideas for rethinking
how you maintain and use patient information
in your office.
a HIPAA officer
Appoint one or two staff members (depending
on the size of your office) to review
the HIPAA act, determine the changes your
practice needs to make,
and decide if you’ll need outside help.
To keep this
project manageable, do not wait until the
last minute. Remember: most of the healthcare
industry will have to be HIPAA compliant
by April 14, 2003.
compliance is not optional. Those found
in violation of the act will be penalized:
penalties range up to $25,000 per violation
of each standard.
penalties range up to $250,000 in fines
and/or up to 10 years in prison."3
An important part of HIPAA is the minimum use standard, which mandates that
healthcare providers use and disclose patient information in ways that are
minimally necessary to accomplish the task.
a billing clerk does not need access to
a patient’s entire medical history
to bill for a service rendered, says Hole-Curry.
Therefore, you may want to divide patient
files into sections, having an office policy
that clearly states who may access each
to pocket-style classification folders,
which have two envelope-like pockets where
classified information could be stored.
General information could be attached to
the folder using the built-in fasteners.
Take a look at the outside of your file
folders. Do they possess identifiable
patient information, such as the patient’s
name, address, social security number,
birth date, phone number, or specific
information about a health
condition? If so, you may need to re-label your files. Consider converting
to a color-coded system that allows you to file alphabetically or numerically.
Some label products will even permit you to print new labels right from your
PC and personal printer.
Patient files should not be reviewed in front of other patients. Accomplishing
this task may become particularly tricky if the staff members who regularly
review files also work at the reception desk.
You may want
to partition off a small area of the reception
desk with a panel system.
When possible, files that are not in use
should be locked. Locking the room where
files are stored is a good start, but
remember that cleaning, building,
and other staff may enter your office while you are not there. According
to Hole-Curry, "the less risk option would be to have a locking mechanism
on your paper files, where you can have your staff lock them up at the end
of the day" or when they are not in use.
You may want
to take this opportunity to re-think how
you file and purchase new filing cabinets – with
locks. You may now choose from vertical,
lateral, and open-shelf systems.
If a new filing
system is not in the budget and your current
cabinets do not have locks, it’s possible
that they can be retrofitted with locks.
For example, you can purchase a lock accessory
for several Hon® file cabinets and easily
install locks to select models.
To remind your staff not to discuss patient
information in public areas, Hole-Curry
recommends posting signs in elevators,
hallways, reception areas,
etc that say: ‘Remember your patients can hear you.’
Patients will gain new rights when HIPAA goes into full effect in April of
2003. Healthcare providers will have to notify patients of how patient information
is used within the office and disclosed to outside sources.
Type up a sheet explaining your use and disclosure procedures and have copies
ready to present to patients who ask for this information. To make the
document look more professional, consider using business stationery.
Make your own checklist of tasks that
must be completed – and when.
Some questions to address are:
you trained your employees on the confidentiality
of health information and their responsibilities?
you created formal, written security policies
and shared them with your staff?
employees leave, are their computer passwords
immediately deleted or canceled?
a complete list of questions, check out
the Fox Systems HIPAA Readiness Assessment
in with your state health department
Due to the complexity of HIPAA, many state health departments are offering
Visit Staples.com to
purchase items you may need to help you
be compliant with HIPAA.
Always Wanted to Know about HIPAA... but
Were Afraid to Ask, Management Tools for
Managed Care, Linnaeus, Inc.
The information contained
in this article is for general guidance.
Such information is provided on a blind-basis,
without any knowledge as to your industry,
identity, or specific circumstances. The
application and impact of relevant laws
will vary from jurisdiction to jurisdiction.
There may also be delays, omissions, or
inaccuracies in information contained
in this site. The information on this
site is provided with the understanding
that activitytherapy.com and its affiliated
entities, and various authors and publishers
providing such information are not engaged
in, and that providing such information
does not constitute the rendering of,
legal, accounting, tax, career, or other
professional advice or services. As such,
information on this site should not be
relied upon or used as a substitute for
direct consultation with professional