The HIPAA Privacy Rule
U.S. Department of Health & Human Services
The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.
Navigating HIPAA in the Electronic Age:
What DCs Must Know
ACA News ~ March 2015
It has been nearly 20 years since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was passed and more than five years since its privacy protections for health care consumers were significantly strengthened by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, as more healthcare transactions became electronic. But even so, many clinicians — especially those in smaller, often non-hospital-affiliated practices such as chiropractic — may not be up to speed on what they need to do to protect their patients’ privacy in the electronic age and comply with laws like HIPAA and HITECH, says Steven Baker, DC, DABFP, DABCO, a councilor with the Council on Chiropractic Education.
HIPAA GETS AN UPDATE: What You Need to Know Now
ACA News ~ November 2013
POP QUIZ: Do you know why Sept. 23, 2013, was significant for covered entities?
It's because Sept. 23 was the date by which covered entities must be compliant with the new portions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) that were added when the omnibus rule was finalized in January. What do you need to do in order to be compliant? ACA will help you answer that question and will provide you with the resources you need to be compliant.
Are You Protecting Your Patients' Confidential Information?
NCMIC ~ The Examiner ~ Spring 2009
Doctors, and the people they employ, are expected to protect this confidential patient information and only use it on behalf of the patient. This expectation of confidentiality starts when the doctor/patient relationship begins. When this confidentiality is violated, patients
HIPAA & Chiropractic
Many providers have procrastinated because of the difficulty in understanding what the requirements of HIPAA are, or they believe that HIPAA does not pertain to them, as patient privacy has always been addressed in their practice. However, all providers must institute changes to meet the letter of the new privacy law. Providers must have documented policies and practices clearly stating patient privacy and protected health information security, even if you are a solo practitioner with no employees. Patients must receive policies from you regarding consent, authorization, disclosure and rights.
New HIPAA “Security Rule” takes Effect April 20, 2005
Unlike previous HIPAA regulations (such as the Privacy Rule and the Electronic Transactions and Code Sets), the Security Rule has received relatively little publicity. Applicability for the Security Rule is the same as for the Privacy Rule. Covered entities include health plans, healthcare clearinghouses and any healthcare provider who transmits health information for any of the HIPAA electronic transactions such as claims, claims status, eligibility and referrals.
Notice of Privacy Practices for Protected Health Information
This Adobe Acrobat file states: "The HIPAA Privacy Rule gives individuals a fundamental new right to be informed of the privacy practices of their health care plans and of most of their health care providers, as well as to be informed of their privacy rights with respect to their personal health information".
Top 12 Misconceptions About HIPAA Compliance
Becoming HIPAA compliant is a requirement every health care provider must address. Payers, managed care organizations and malpractice insurance companies are progressing toward meeting the demands of HIPAA for their own organizations, which will restrict the level of participation for those providers who have not done so.
Privacy Notices: The First Level of HIPAA Violations
If you don't use any other health services, you may not realize that virtually every other health-care entity provides a “Notice of Privacy Practices” to its patients/customers. This is an important part of HIPAA compliance that has been required of all health-care providers since the April 14, 2003 deadline. So, your patients are already receiving privacy notices from all other providers (MDs, acupuncturists, drug stores, managed care organizations, etc.) with whom they interact. Have they received your Notice of Privacy Practices?
HIPAA: A Big Deal Even For Small Practices
Even if your office handles all files in a paper form and a third-party billing service handles your billing, you'll most likely need to comply with HIPAA because almost all billing services handle patient information electronically, especially if they're filing for Medicare or Medicaid benefits. If you’re non-compliant, you’ll probably be caught. Legal experts feel HIPAA will become a “popular” add-on when doctors are investigated for any type of complaint.
HIPAA: Beware the “Ides of April”
The second half of this article outlines things that must be done: (1) Appoint a privacy officer: Failure to do something as basic as this will demonstrate to any agency a lack of concern, and will be significant in the event of any inquiry. (2) Develop and implement required privacy policies: Developing and implementing all the policies and procedures required is key to showing HIPAA compliance. (3) Complete a pre-emption analysis: Check with your attorney to determine if your state privacy laws conflict with HIPAA. (4) Develop, distribute and post notices of privacy: The notice of privacy practices is a high-visibility HIPAA requirement that will be obvious if missing. (5) Provide initial training to staff: If a patient sues for invasion of privacy, there will be no defense for the disregard of training. (6) Develop and use authorization form: Implement a release of information form that your patients must sign. Disclosure of PHI must be included. (7) Identify and contract with business associates: Business Associate agreements should be taken seriously. (8) Know patients' rights under HIPAA: Develop a brief list summarizing these rights, and be certain your staff knows them.
The Deadline for Compliance With the HIPAA Privacy Rules Is Approaching
The Department of Health and Human Services (HHS) has promulgated the regulation entitled, Standards of Privacy of Individually Identifiable Health Information, i.e., “The Privacy Rules”, which becomes effective on April 14, 2003. The Privacy Rules create national standards to protect individuals' medical records and other personal information.
HIPAA Privacy Laws: Violators Face Jail Time, Fines up to $250,000, and No Payments by Insurance Companies
Some insurance companies have already indicated they will no longer pay providers who are not compliant. Sooner or later, you are going to have to work with your lawyer, a consultant who has HIPAA expertise (whose HIPAA experience is more than the last six months) or utilize a computer program to create administrative and compliance manuals that are customized to your specific practice. Essentially, these are the only ways to become HIPAA-compliant. Boilerplate manuals will not qualify.
An Interview with HIPAA Authority Howard Ross
Let's say you faxed something out, and it went to the wrong person; the patient files a complaint, and it goes to OCR. Representatives come to your office, and you show how your equipment proves that it went to the right phone number, and that you have authorization on a patient disclosure form to use a fax or email. You have only made a mistake, and you won't be fined or penalized. Without that manual that is specific to you or your office (and if it looks like a 'boiler-plated' manual, the OCR and DHHS won't consider it applicable to your office), this complaint could result in a fine or worse. We saw this in the past, when a number of offices copied manuals, and they found that no work was done to make the manual applicable.
Are Your Sign-In Sheets HIPAA Privacy Violations?
HIPAA privacy rules apply to any health care entity that transfers records electronically. If you deal with insurance in any manner, you probably transfer some records electronically. If so, HIPAA applies to all of your patient records. It also applies to those business entities, such as billing or consulting services, that may have access to patient records.