Practice Management Alert

A practice must take many steps to advance through HIPAAcompliance, and everyone in your billing office should be aware of them, especially the business-associate agreements. Help your practice comply with HIPAAby following these strategies: Work with Your Privacy Officer and Committee Use the HIPAAexpertise created for your benefit. The privacy officer your practice appoints is your HIPAAexpert, and the committee the PO sets up will determine how your office should comply.

As the center of all compliance activities, the privacy officer deals with issues concerning HIPAAimplementation, education, auditing and administering reviews for proactive or reactive purposes. In addition, the privacy officer should outline all of the trials and errors that occur during the compliance program, says Teena George, a certified HIPAAspecialist and owner of Humboldt Medical Solutions.

Often, the privacy officer comes from the physician practice's administrative sector, so beware: You may be the "lucky" candidate. Only large organizations will appoint full-time privacy officers, says Neil Caesar, an attorney with the Greenville, S.C.-based Health Law Center.

If you're not the privacy officer, don't be afraid to approach the PO with your questions and concerns; the privacy officer should be an approachable employee in a high-level position who garners respect from all areas of the office. In other words, you want people who are "good leaders," Caesar clarifies. Read questions and answers for privacy officers (but useful for all billers) in article 2. The privacy officer should organize a committee specifically for HIPAAissues that will be a cross-section of your office. The committee should include a compliance officer and employees from the technology, billing, admissions, medical and clinical departments, risk management, and legal and human resources. If your organization is small, the committee should include fewer departments for fewer tasks.

Your committee is supposed have the expertise to understand your office policies for issues like privacy and determine practical solutions for dealing with HIPAAcompliance problems that arise, so turn to committee members for help.

The committee should start by developing action plans and allocating tasks. Define completion dates for these early activities for a matter of weeks, and stick to these deadlines. Prepare Business-Associates Compliance April 2004 is not that far away; your department should aim to meet the business-associate deadline as early as possible. Define which people and organizations qualify as your business associates under HIPAA. There's been a lot of confusion about this issue, Caesar warns. Not all vendors who provide you a service or can access protected health information (PHI) qualify as business associates. For example, the cleaning company whose employees come across material they shouldn't see does not qualify as a business associate because the cleaning job doesn't necessitate handling that information.

However, for that cleaning company and other [...]