HIPAA & Chiropractic
Many providers have procrastinated because of the difficulty in understanding what the requirements of HIPAA are, or they believe that HIPAA does not pertain to them, as patient privacy has always been addressed in their practice, however; all providers must institute changes to meet the letter of the new privacy law. Providers must have documented policies and practices clearly stating patient privacy and protected health information security, even if you are a solo practitioner with no employees. Patients must receive policies from you regarding consent, authorization, disclosure and rights.
New HIPAA “Security Rule” takes Effect April 20, 2005
Unlike previous HIPAA regulations (such as the Privacy Rule and the Electronic Transactions and Code Sets), the Security Rule has received relatively little publicity. Applicability for the Security Rule is the same as for the Privacy Rule. Covered entities include health plans, healthcare clearinghouses and any healthcare provider who transmits health information for any of the HIPAA electronic transactions such as claims, claims status, eligibility and referrals.
Examples of 2 Useful Forms For Your Office
Notice of Our Privacy Practices
Adobe Acrobat Version
Word Version
Patient Release Form
Adobe Acrobat Version
Word Version
![[acrobat]](../LINKS/GRAPHICS/MINI_Acrobat.gif)
Download The Adobe Acrobat Reader for Free
The Health Insurance Portability and Accountability Act of 1996
Public Law 104-191 ~ 104th Congress ~ August 21, 1996
It is the purpose of this subtitle to improve the Medicare program under title XVIII of the Social Security Act, the medicaid program under title XIX of such Act, and the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information.
Notice of Privacy Practices for Protected Health Information
This Adobe Acrobat file states: "The HIPAA Privacy Rule gives individuals a fundamental new right to be informed of the privacy practices of their health care plans and of most of their health care providers, as well as to be informed of their privacy rights with respect to their personal health information".
Top 12 Misconceptions About HIPAA Compliance
Becoming HIPAA compliant is a requirement every health care provider must address. Payers, managed care organizations and malpractice insurance companies are progressing toward meeting the demands of HIPAA for their own organizations, which will restrict the level of participation for those providers who have not done so.
Privacy Notices: The First Level of HIPAA Violations
If you don't use any other health services, you may not realize that virtually every other health-care entity provides a “Notice of Privacy Practices” to its patients/customers. This is an important part of HIPAA compliance that has been required of all health-care providers since the April 14, 2003 deadline. So, your patients are already receiving privacy notices from all other providers (MDs, acupuncturists, drug stores, managed care organizations, etc.) with whom they interact. Have they received your Notice of Privacy Practices?
Centers for Medicare & Medicaid Services HIPAA Page
The Administrative Simplification provisions of HIPAA include: Electronic Transactions and Code Sets, Security, Unique Identifiers and Privacy. For more information on Privacy, visit the
HHS Office for Civil Rights.
HIPAA: A Big Deal Even For Small Practices
Even if your office handles all files in a paper form and a third-party billing service handles your billing, you'll most likely need to comply with HIPAA because almost all billing service handle patient information electronically, especially if they're filing for Medicare of Medicaid benefits. If you’re non-compliant, you’ll probably be caught. Legal experts feel HIPAA will become a “popular” add-on when doctors are investigated for any type of complaint.
HIPAA: Beware the “Ides of April”
The second half of this article outlines things that must be done: (1) Appoint a privacy officer: Failure to do something as basic as this will demonstrate to any agency a lack of concern, and will be significant in the event of any inquiry. (2) Develop and implement required privacy policies: Developing and implementing all the policies and procedures required is key to showing HIPAA compliance. (3) Complete a pre-emption analysis: Check with your attorney to determine if your state privacy laws conflict with HIPAA. (4) Develop, distribute and post notices of privacy: The notice of privacy practices is a high-visibility HIPAA requirement that will be obvious if missing. (5) Provide initial training to staff: If a patient sues for invasion of privacy, there will be no defense for the disregard of training. (6) Develop and use authorization form: Implement a release of information form that your patients must sign. Disclosure of PHI must be included. (7) Identify and contract with business associates: Business Associate agreements should be taken seriously. (8) Know patients' rights under HIPAA: Develop a brief list summarizing these rights, and be certain your staff knows them.
HIPAA Q & As with Howard Ross
Here are answers to some questions generated by the "Everything You Wanted to Know" artilce below.
The Deadline for Compliance With the HIPAA Privacy Rules Is Approaching
The Department of Health and Human Services (HHS) has promulgated the regulation entitled, Standards of Privacy of Individually Identifiable Health Information, i.e., “The Privacy Rules”, which becomes effective on April 14, 2003. The Privacy Rules create national standards to protect individuals' medical records and other personal information.
HIPAA Privacy Laws: Violators Face Jail Time, Fines up to $250,000, and No Payments by Insurance Companies
Some insurance companies have already indicated they will no longer pay providers who are not compliant. Sooner or later, you are going to have to work with your lawyer, a consultant who has HIPAA expertise (whose HIPAA experience is more than the last six months) or utilize a computer program to create administrative and compliance manuals that are customized to your specific practice. Essentially, these are the only ways to become HIPAA- compliant. Boilerplate manuals will not qualify.
An Interview with HIPAA Authority Howard Ross
Let's say you faxed something out, and it went to the wrong person; the patient files a complaint, and it goes to OCR. Representatives come to your office, and you show how your equipment proves that it went to the right phone number, and that you have authorization on a patient disclosure form to use a fax or email. You have only made a mistake, and you won't be fined or penalized. Without that manual that is specific to you or your office (and if it looks like a 'boiler-plated' manual, the OCR and DHHS won't consider it applicable to your office), this complaint could result in a fine or worse. We saw this in the past, when a number of offices copied manuals, and they found that no work was done to make the manual applicable.
Are Your Sign-In Sheets HIPAA Privacy Violations?
HIPAA privacy rules apply to any health care entity that transfers records electronically. If you deal with insurance in any manner, you probably transfer some records electronically. If so, HIPAA applies to all of your patient records. It also applies to those business entities, such as billing or consulting services, that may have access to patient records.
