 
HIPAA Advisory
"Protecting your patient's privacy is a part of quality care!"
By now, ALL physicians must be HIPAA compliant when submitting electronic claims. Although not all physicians are required to file claims electronically, there are many benefits to submitting claims electronically. Most insurance carriers will not accept "hand written" CMS1500 forms anymore; we have even seen some Workers Compensation carriers return or reject them. Being HIPAA compliant is not difficult; it just takes some common sense and using the correct forms to protect your patient's privacy. Remember, if you were a patient, you would want your private healthcare information completely protected.
We are NOT going to tell you that being HIPAA compliant is NOT going to change the way your practice is run; that would be a big misconception. Protecting your patient's private health records is important, and your practice will need to take the necessary steps to become compliant and stay compliant. Read on to find out how HIPAA will affect YOUR practice.
Do you have to be HIPAA compliant?
It's conditional, but definitely if you:
- Employ more than 10 full-time employees. You are required to file Medicare electronically, therefore you are a covered entity.
- Use a Billing Center to file your claims.
- Sign a Business Associates Agreement with any entity or third party company.
- File ANY claims electronically.
If you are a practice using paper claims under the conditions below, you are NOT a covered entity, and therefore you are not required to be HIPAA compliant:
- Keep records in your office on paper.
- File ONLY paper claims.
- Do not utilize a billing company, clearinghouse or any other third party to conduct transactions such as electronic claim submissions on behalf of your practice.
- Do not volunteer to become a HIPAA entity by function, contract or certification.
- Do not put any patient or practice information into a computer; all data must be stored on paper.
- Do not FAX, email or utilize any means of electronic communication.
- Do not reside in a state that mandates that all providers be HIPAA entities.
If you do ALL of the above, you are NOT a covered entity and do not have to be compliant.
There are four components of HIPAA:
- Electronic Transaction and Code Set Standards Requirements
- Privacy Standards Requirements
- Security Standards Requirements
- National Identifier Requirements
Who is Affected by HIPAA?
HIPAA requirements apply directly to 3 specific groups commonly referred to as "Covered Entities". These Covered Entities include:
- Providers - Those who transmit any PHI electronically in connection with a transaction for which standard requirements have been adopted.
- Health Plans - These include any government (Medicare, Medicaid, etc.) or non-government organizations and private plans that provide or pay for medical care. An exception in the law was granted to State Workers Compensation plans.
- Health Care Clearinghouses - These are organizations that translate non-standard information into a standard transaction or convert a standard transaction into a non-standard format. This also includes some billing companies and re-pricing companies.
What can happen if your practice is NOT HIPAA compliant and you ARE a Covered Entity?
Improper use or disclosure of PHI (Private Health Information) can result in the following fines:
- Civil monetary penalties for HIPAA Privacy Violations are $100 per incident, up to $25,000 per person, per year, and per person.
- A person who knowingly violates HIPAA and obtains IIHI (Individual Identifiable Health Information) or discusses IIHI to another person may be fined up to $50,000 and imprisoned up to one year, or both.
- If the offense is committed with the intent to sell, transfer or use IIHI for commercial advantage, personal gain or malicious harm, the fine may be up to $250,000 and imprisonment up to ten (10) years.