HIPAA Compliance
If you are in the healthcare industry, you have probably heard some rumblings about the Health Insurance Portability and Accountability Act of 1996, coolly referred to as HIPAA. The word is your medical practice will have to be HIPAA compliant by April 2003, but you're not exactly sure what this act mandates or how to accomplish it.
In very basic terms, HIPAA has two primary components to which hospitals, health plans, healthcare 'clearinghouses,' and healthcare providers must conform: 1) Administrative simplification, which calls for use of the same computer language industry-wide; 2) Privacy protection, which requires healthcare providers to take reasonable measures to protect patients' written, oral, and electronic information.
Congress passed HIPAA in an effort 'to protect the privacy and security of individually identifiable health information.'1 Additionally, lawmakers 'sought to reduce the administrative costs and burden associated with healthcare by standardizing data and facilitating transmission of many administrative and financial transactions.'1
HIPAA consultants say the new regulations should save the healthcare industry money in the long run, provide improved security of patient information, and allow patients to have better access to their own healthcare information.
While the HIPAA regulations call for the medical industry to reexamine how it protects patient information, the standards put in place by HIPAA do not provide any cookie-cutter answers, says Leah Hole-Curry, HIPAA legal counsel for FOX Systems, a HIPAA consulting firm. 'HIPAA doesn't necessarily prescribe the solutions, but it does require physicians to look at all of the ways that they use and access data today and determine whether that's reasonable or not.'
To help you begin your HIPAA compliance process, following are some practical ideas for rethinking how you maintain and use patient information in your office. Appoint one or two staff members (depending on the size of your office) to review the HIPAA act, determine the changes your practice needs to make, and decide if you'll need outside help. To keep this project manageable, do not wait until the last minute. Remember: most of the healthcare industry will have to be HIPAA compliant by April 14, 2003.
Furthermore, compliance is not optional. Those found in violation of the act will be penalized: 'Civil penalties range up to $25,000 per violation of each standard. Criminal penalties range up to $250,000 in fines and/or up to 10 years in prison.'3
An important part of HIPAA is the minimum use standard, which mandates that healthcare providers use and disclose patient information in ways that are minimally necessary to accomplish the task. For example, a billing clerk does not need access to a patient's entire medical history to bill for a service rendered, says Hole-Curry. Therefore, you may want to divide patient files into sections, having an office policy that clearly states who may access each section.
Consider converting to pocket-style classification folders, which have two envelope-like pockets where classified information could be stored. General information could be attached to the folder using the built-in fasteners. Take a look at the outside of your file folders. Do they possess identifiable patient information, such as the patient's name, address, social security number, birth date, phone number, or specific information about a health condition? If so, you may need to re-label your files. Consider converting to a color-coded system that allows you to file alphabetically or numerically.
Some label products will even permit you to print new labels right from your PC and personal printer. Patient files should not be reviewed in front of other patients. Accomplishing this task may become particularly tricky if the staff members who regularly review files also work at the reception desk. You may want to partition off a small area of the reception desk with a panel system.
When possible, files that are not in use should be locked. Locking the room where files are stored is a good start, but remember that cleaning, building, and other staff may enter your office while you are not there. According to Hole-Curry, 'the less risk option would be to have a locking mechanism on your paper files, where you can have your staff lock them up at the end of the day' or when they are not in use. You may want to take this opportunity to re-think how you file and purchase new filing cabinets - with locks. You may now choose from vertical, lateral, and open-shelf systems. If a new filing system is not in the budget and your current cabinets do not have locks, it's possible that they can be retrofitted with locks.
For example, you can purchase a lock accessory for several file cabinets and easily install locks on select models.
To remind your staff not to discuss patient information in public areas, Hole-Curry recommends posting signs in elevators, hallways, reception areas, etc., that say: 'Remember your patients can hear you.'
Patients will gain new rights when HIPAA goes into full effect in April of 2003. Healthcare providers will have to notify patients of how patient information is used within the office and disclosed to outside sources. You must be ready or you will pay a huge price for a simple mistake.