This information is intended to help you better understand HIPAA and to help make your office HIPAA compliant. It has been gathered from various sources and is not intended as legal advice. If you have difficulty understanding any part of the HIPAA regulations, consult your legal counsel.
First, there are no HIPAA police. No one will enter your office to check whether you are HIPAA compliant. A complaint must be filed before any action is taken.
What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act. The federal government enacted it in 1996 as part of healthcare reform. The purpose of HIPAA is to ensure the confidentiality of all patient-related health information. It also aims to simplify administrative procedures in health care, thereby reducing healthcare costs and administrative burdens.
Keep in mind that the HIPAA Act uses the word "reasonable" many times. You and your office staff must do everything reasonable to protect patient privacy. For example, a small medical office does not need the same data protection measures as a large hospital. That would not be reasonable.
There are no HIPAA inspectors. No one will walk in and randomly check your office. Someone must first file a complaint. Complaints are handled by the Office for Civil Rights. If someone complains, the complaint will be investigated. The fines are very high, so you want to be sure your office has good privacy practices and documents them.
Another thing to keep in mind is that the type of practice can determine the level of privacy concern. For example, patients in an optometry office are not as concerned about others knowing they are there as patients in a mental health office are.
HIPAA has several different components, each with its own implementation date.
Section 2: Privacy Component: Implementation Date: April 2002
1. Everything reasonable must be done to protect the patient's privacy.
2. Patient files and information should be stored in a secure area of your office that is not accessible to other patients.
3. Charts should not be left lying around, open, where anyone can read them.
4. If you make a telephone call about a patient or to a patient, do so in an area where you cannot be overheard while giving out personal information. For example, if you call an insurance company and give the patient's first and last name, date of birth, ID number and/or diagnosis, you do not want others in the waiting room to hear you.
5. If patient charts are ever removed from the office, there must be a policy covering it. For example, you must have a check-out sheet that records the patient's name, the date, and when the chart is returned.
6. If charts are removed, they must be labeled "confidential medical record". If you are ever in an accident or become separated from the bag for some reason, the label tells the authorities or medical personnel who find it that the contents are protected information. At the very least, it shows that a reasonable effort was made to protect the data.
7. If your computer screens are positioned so that patients can view them, you may want to move them or get a privacy screen filter. A privacy filter allows the screen to be read only when you are directly in front of it.
The above are just a few things to consider when making your office HIPAA compliant. Each office has its own areas to review.
Section 3: Administrative Simplification: Compliance Date: October 2002
This component requires standardization of data transmission (EDI) and of procedure/diagnosis codes. Standardization of procedure/diagnosis codes simply means that CPT-4 codes must be used for procedure codes and ICD-9 codes for diagnosis codes.
EDI standardization refers to electronic billing. To submit your claims electronically, you must do so in a HIPAA-compliant format.
Section 4: Security Measures
This component requires healthcare providers, billing services and clearinghouses to take appropriate security measures to ensure that individuals' health information is kept safe and that others do not have access to it.
Things to Consider:
Where is your fax machine? Is it in a place where only office staff can access incoming faxes? Is it on 24 hours a day? If you are not in the office (after office hours), can anyone else get to the fax machine?
If you fax personal patient information, you must use a fax cover sheet with a confidentiality statement. The statement should explain that the following fax contains personal medical information and that if the fax is received by anyone other than the intended party, it must be destroyed and you must be notified that an error has occurred.
Do you hire a cleaning service or cleaning staff? Are they in the office when you are not? Could they access patients' personal information? You may want to have them sign a confidentiality statement.
Do you rent your office space? If so, can the landlord enter your office? Could they enter without you being present? If so, ask them to sign a confidentiality statement.
Having people who have access to your office sign a confidentiality statement is a reasonable way of protecting patient data. It is not always reasonable to never allow anyone access to areas that contain private data. If these people sign the agreement and then violate it, you would not be held responsible.
If you do business by e-mail, you must use encryption. This ensures that if someone intercepts your e-mails, they will not be able to read them.
Section 5: Privacy Officer
Each office must appoint a privacy officer. This person is responsible for ensuring that all staff are trained in HIPAA and that privacy policies are written and followed. They are also the person to whom employees or patients can bring concerns or questions about HIPAA compliance. Even if the practice is very small, you must have someone designated as the privacy officer.
Section 6: Release of Information
The patient must give written consent to release his/her notes/information.
(Exception: if the request is due to the patient's immediate/urgent care needs.)
Review your current consent and authorization forms to make sure they are HIPAA compliant. HIPAA requires you to obtain consent for the use and disclosure of patient information. You may refuse to treat patients who do not sign the consent form.
Section 7: Unique Identifiers: No Implementation Date Yet
This component specifies the use of HIPAA unique identifiers. More information on it is still to come. There will probably be a national provider number rather than a different provider number for every insurer.
Section 8: Policies and Procedures Required by HIPAA
1. Identify which staff members require access to protected health information.
2. Prevent access to protected health information by unauthorized persons.
3. Make sure only the "minimum necessary" information is released for routine disclosures (release only the information related to the request, not the patient's complete file).
4. Verify the identity of anyone requesting information.
5. Provide patients with access to their records, a way to seek remedies, and an accounting of access to and disclosure of their information.
6. Each office must have written policies on its privacy practices.
Evaluate your physical office for potential privacy and security risks. One of the best things you can do to "get ready" for HIPAA is to walk through your office (even better if someone else does it) as if you were a patient. Look at EVERYTHING. What do you see? Do you see personal patient data, or charts lying out in full view? Start right at the front door and go all the way through your office, especially the rooms patients can access. Then continue regular checks to ensure ongoing compliance.
Make sure you have written policies on privacy practices, such as removing charts from the office, informing patients, reviewing patient complaints, and more. Designate a "privacy officer".
Make sure all staff members are trained in HIPAA policies. Keep in mind that all new hires must also be trained in HIPAA policies. Review the current HIPAA guidelines.